Bug 2314700 (CVE-2024-27833)

Summary: CVE-2024-27833 webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient input validation, which attackers could exploit to execute malicious code on affected systems.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2314752, 2314753    
Bug Blocks:    

Description OSIDB Bzimport 2024-09-25 15:41:52 UTC 
Processing maliciously crafted web content may lead to arbitrary code execution. An integer overflow was addressed with improved input validation.
Comment 1 Robb Gatica 2024-09-25 20:01:41 UTC 
https://webkitgtk.org/security/WSA-2024-0005.html
Comment 3 errata-xmlrpc 2024-10-28 01:10:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2024:8496 https://access.redhat.com/errata/RHSA-2024:8496
Comment 5 errata-xmlrpc 2024-11-14 10:16:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:9638 https://access.redhat.com/errata/RHSA-2024:9638
Comment 6 errata-xmlrpc 2024-11-14 11:57:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:9646 https://access.redhat.com/errata/RHSA-2024:9646
Comment 7 errata-xmlrpc 2024-11-14 12:17:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2024:9653 https://access.redhat.com/errata/RHSA-2024:9653
Comment 8 errata-xmlrpc 2024-11-14 15:19:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2024:9680 https://access.redhat.com/errata/RHSA-2024:9680
Comment 9 errata-xmlrpc 2024-11-14 15:31:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Via RHSA-2024:9679 https://access.redhat.com/errata/RHSA-2024:9679