Alpine: multiple webkit2gtk packages: security update to 2.22.4-r3 (deprecated)

high Tenable Self-Hosted Container Security Plugin ID 400529

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3,
tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing
maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-6227)

- Multiple memory corruption issues were addressed with improved memory handling. This issue affected
versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud
for Windows 7.9. (CVE-2018-4437)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS
12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing
maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-6212)

- A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3,
tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously
crafted web content may lead to arbitrary code execution. (CVE-2019-6215)

- Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS
12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10.
Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2019-6216)

See Also

https://git.alpinelinux.org/aports/commit/?id=81369f8adf260f9e4bea178a6745c6a7c857b983

https://git.alpinelinux.org/aports/commit/?id=ccc2f318230304c6b8f9e6c8bafd85ad60077c32

Plugin Details

Severity: High

ID: 400529

Version: Revision 1.23

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.9

Percentile: 97.35

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-6227

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/12/2019

Vulnerability Publication Date: 11/28/2018

Reference Information

CVE: CVE-2018-4437, CVE-2019-6212, CVE-2019-6215, CVE-2019-6216, CVE-2019-6217, CVE-2019-6227, CVE-2019-6229

BID: 106691, 106696, 106699