ALSA-2024:9636

[ALSA-2024:9636] Important: webkit2gtk3 security update

Type:

security

Severity:

important

Release date:

2024-11-15

Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.  

Security Fix(es):  

  * chromium-browser: Use after free in ANGLE (CVE-2024-4558)
  * webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
  * webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
  * webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
  * webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
  * webkitgtk: Visiting a malicious website may lead to address bar spoofing (CVE-2024-40866)
  * webkitgtk: A malicious website may cause unexpected cross-origin behavior (CVE-2024-23271)
  * webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
  * webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-27838)
  * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
  * webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-44187)
  * webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)
  * webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)
  * webkitgtk: webkit2gtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2024-44296)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	webkit2gtk3-jsc-2.46.3-1.el8_10.aarch64.rpm	1d08f9a5b0bc09ee08db20320556e35a11100d39f51424ef82c7f2cdf9953e36
aarch64	webkit2gtk3-devel-2.46.3-1.el8_10.aarch64.rpm	34af7d9de63a79b60d567cd5148d7426e9aaf08070ba6106f31f542ceaca868f
aarch64	webkit2gtk3-2.46.3-1.el8_10.aarch64.rpm	98a5e24b6de34fbe1206913224f0696017e33d0cd4a58af313316b09f0bc1523
aarch64	webkit2gtk3-jsc-devel-2.46.3-1.el8_10.aarch64.rpm	a5f35e00f16b84a11d3cb6a50ac58f275349ae97f5e289ed938239c1707c8e0d
i686	webkit2gtk3-jsc-devel-2.46.3-1.el8_10.i686.rpm	40dca0fe93d2eb836b34aac1547f08defe12f2b03188d842efcd2d800f1cfb18
i686	webkit2gtk3-devel-2.46.3-1.el8_10.i686.rpm	70c920e2f7e61ffd7bfc0f3e39789e349dcfa58e4d882d381e08219c07b9064f
i686	webkit2gtk3-2.46.3-1.el8_10.i686.rpm	829adbb297783998c99582a4e6504eac057c97355e97f21e3c4b20ffcca3ae5a
i686	webkit2gtk3-jsc-2.46.3-1.el8_10.i686.rpm	fcc96827227fc7079b83466bde6f77252c887eebf401a5a4332f01e4bcfc4b67
ppc64le	webkit2gtk3-devel-2.46.3-1.el8_10.ppc64le.rpm	0b7a0bc35e8a51f76d11f4812b829f95e7c39591d5d3f1fdffe19be6a39a4049
ppc64le	webkit2gtk3-2.46.3-1.el8_10.ppc64le.rpm	2b982f7a6751d69925bb5cebcdbf641f9c6b82ec40e3fb58fc26c3007098a456
ppc64le	webkit2gtk3-jsc-devel-2.46.3-1.el8_10.ppc64le.rpm	881c8676e05e6e4a910b50c77f275991b79c234ea6671627a322c0a1c706b84a
ppc64le	webkit2gtk3-jsc-2.46.3-1.el8_10.ppc64le.rpm	c8fab956c0076598eb04ccace325347ebce86256061b08b5c6d49f4c00a0baa7
s390x	webkit2gtk3-2.46.3-1.el8_10.s390x.rpm	0535b1dff3b5873432c348cf64a561bc122f1741dff14769c5879eb6c94953ae
s390x	webkit2gtk3-jsc-devel-2.46.3-1.el8_10.s390x.rpm	0a2dc4b7767a6bc27048ca8572bc727826560750ac57d589af9e2e3534a26139
s390x	webkit2gtk3-jsc-2.46.3-1.el8_10.s390x.rpm	55c6d5af884b2f51dde3befd8375d11c3225ac6b5da9213d052ab66f5b509ca0
s390x	webkit2gtk3-devel-2.46.3-1.el8_10.s390x.rpm	e37fdcafcceb9cbd8a7a908264cd34d056a61c32ecc5efcfc9716e56bc9cb64d
x86_64	webkit2gtk3-2.46.3-1.el8_10.x86_64.rpm	055ea7cd18770724ccc20ed0c371d9dd5840df266cd81bf5a4ee18b98d698f8c
x86_64	webkit2gtk3-jsc-devel-2.46.3-1.el8_10.x86_64.rpm	be2e45d35300f3f2c25dba22103f021e4dfc10aa9f6112eabff790c44bc57c30
x86_64	webkit2gtk3-devel-2.46.3-1.el8_10.x86_64.rpm	d8663d85a52cdce77cb83508c5f8299bd3917380cd0e42680fb68a11257c96e6
x86_64	webkit2gtk3-jsc-2.46.3-1.el8_10.x86_64.rpm	f6039bf2fc8c268da73a4de87e3bd6ffce4f00878abf32c865ed9eca176dfab0

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.