REDHAT-BUG-2188543: Use After Free
First published: Fri Apr 21 2023(Updated: )
The WebKitGTK flaw <a href="https://access.redhat.com/security/cve/CVE-2023-28205">CVE-2023-28205</a> (<a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - CVE-2023-28205 WebKitGTK: use-after-free leads to arbitrary code execution" href="show_bug.cgi?id=2185724">bug 2185724</a>) was addressed in Red Hat Enterprise Linux 8 via erratum RHSA-2023:1919 and in Red Hat Enterprise Linux 9 via erratum RHSA-2023:1918, released on Apr 20, 2023: <a href="https://access.redhat.com/errata/RHSA-2023:1919">https://access.redhat.com/errata/RHSA-2023:1919</a> <a href="https://access.redhat.com/errata/RHSA-2023:1918">https://access.redhat.com/errata/RHSA-2023:1918</a> However, the fix for this issue was not included in the WebKitGTK updates released as part of Red Hat Enterprise Linux 8.8 GA erratum (RHSA-2023:2834) and Red Hat Enterprise Linux 9.2 GA erratum (RHSA-2023:2256), causing a security regression of previously released fix. A new CVE-ID <a href="https://access.redhat.com/security/cve/CVE-2023-2203">CVE-2023-2203</a> was assigned for this security regression. Note that this issue and CVE-ID is specific to the WebKitGTK packages as shipped with Red Hat Enterprise Linux and is not applicable to any upstream WebKitGTK version or WebKitGTK packages of any other vendor that are not directly based on Red Hat Enterprise Linux packages. For more information about the original flaw, refer to the CVE page or bug linked above.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Enterprise Linux | <8.8 | |
| Red Hat Enterprise Linux | <9.2 | |
| WebKit |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2023-28205
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2185724
- https://access.redhat.com/errata/RHSA-2023:1919
- https://access.redhat.com/errata/RHSA-2023:1918
- https://access.redhat.com/security/cve/CVE-2023-2203
- https://access.redhat.com/errata/RHSA-2023:2653
- https://access.redhat.com/errata/RHSA-2023:3108
- https://access.redhat.com/security/cve/cve-2023-2203
- https://bugzilla.redhat.com/show_bug.cgi?id=2188543
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-2203
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/red hat
- canonical/red hat enterprise linux
- canonical/webkit