RLSA-2022:8054

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

• webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22624)

• webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-22628)

• webkitgtk: Buffer overflow leading to arbitrary code execution (CVE-2022-22629)

• webkitgtk: Cookie management issue leading to sensitive user information disclosure (CVE-2022-22662)

• webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26700)

• webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26709)

• webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26710)

• webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26716)

• webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2022-26717)

• webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2022-26719)

• webkitgtk: Heap buffer overflow in WebCore::TextureMapperLayer::setContentsLayer leading to arbitrary code execution (CVE-2022-30293)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.