Bug 2253058 (CVE-2023-42917)

Summary: CVE-2023-42917 webkitgtk: Arbitrary Remote Code Execution
Product: [Other] Security Response
Reporter: Marco Benatto <mbenatto>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW
QA Contact:
Severity: high
Docs Contact:
Priority: high
Version: unspecified
CC: gsuckevi, jwest, kyoshida
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: webkitgtk 2.42.3
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in CISA's KEV catalog.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2253059
Bug Blocks: 2253040

Description Marco Benatto 2023-12-05 19:46:58 UTC
Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. A memory corruption vulnerability was addressed with improved locking.

Reference:
https://webkitgtk.org/security/WSA-2023-0011.html

Comment 1 Marco Benatto 2023-12-05 19:47:11 UTC
Created webkitgtk tracking bugs for this issue:

Affects: fedora-all [bug 2253059]

Comment 8 errata-xmlrpc 2023-12-11 09:39:21 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7715 https://access.redhat.com/errata/RHSA-2023:7715

Comment 9 errata-xmlrpc 2023-12-11 09:49:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7716 https://access.redhat.com/errata/RHSA-2023:7716

Comment 10 errata-xmlrpc 2024-10-28 00:54:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:8492 https://access.redhat.com/errata/RHSA-2024:8492

Comment 11 errata-xmlrpc 2024-10-28 01:11:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:8496 https://access.redhat.com/errata/RHSA-2024:8496

Comment 13 errata-xmlrpc 2024-11-14 11:57:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:9646 https://access.redhat.com/errata/RHSA-2024:9646

Comment 14 errata-xmlrpc 2024-11-14 12:16:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:9653 https://access.redhat.com/errata/RHSA-2024:9653

Comment 15 errata-xmlrpc 2024-11-14 15:18:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:9680 https://access.redhat.com/errata/RHSA-2024:9680

Comment 16 errata-xmlrpc 2024-11-14 15:30:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2024:9679 https://access.redhat.com/errata/RHSA-2024:9679

Comment 17 errata-xmlrpc 2025-02-26 07:41:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:2982 https://access.redhat.com/errata/RHSA-2024:2982

Comment 18 errata-xmlrpc 2025-02-26 07:49:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:2126 https://access.redhat.com/errata/RHSA-2024:2126