[ALSA-2024:8180] Important: webkit2gtk3 security update
Type:
security
Severity:
important
Release date:
2024-10-18
Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fix(es): * webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776) * webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789) * webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780) * webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779) * webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782) * webkitgtk: Visiting a malicious website may lead to address bar spoofing (CVE-2024-40866) * webkitgtk: A malicious website may cause unexpected cross-origin behavior (CVE-2024-23271) * webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820) * webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-27838) * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851) * webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-44187) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 webkit2gtk3-devel-2.46.1-2.el9_4.aarch64.rpm 32d8f91797448d9918f892d78f5e9052c01f0dbccf0840146696af139ec8ebe9
aarch64 webkit2gtk3-jsc-devel-2.46.1-2.el9_4.aarch64.rpm 4d4c981cceaad4a8876db22c4b921973acd1beb61bb0895639292c48770dbf2d
aarch64 webkit2gtk3-2.46.1-2.el9_4.aarch64.rpm c29376bb0a18469934fcc12efa6a9d0e1612968cf70f921b9be85e8bf8852368
aarch64 webkit2gtk3-jsc-2.46.1-2.el9_4.aarch64.rpm ef5ebd392dfe69453e3a2be7957dda0a86f21c8b0d76fa3019112b5a4be69d5e
i686 webkit2gtk3-jsc-devel-2.46.1-2.el9_4.i686.rpm 37398f16b696e23cf49f752050eba83072743fe1ae6f43d31597500ce6226e13
i686 webkit2gtk3-2.46.1-2.el9_4.i686.rpm 9b0ec8379e207348de2f723b6bac3904bf7ebb35a7fef5e9489a6301daf226fb
i686 webkit2gtk3-devel-2.46.1-2.el9_4.i686.rpm c6e81c421a01e239acd04af1a281af9886233d73cde515524e6a082c30bb2fa2
i686 webkit2gtk3-jsc-2.46.1-2.el9_4.i686.rpm f30edc47ca73738dc575967f1faa524de2b44e4425b14c23eabafd73d6d110c4
ppc64le webkit2gtk3-2.46.1-2.el9_4.ppc64le.rpm 09c6ee18c94ef7e905bd52afe8871a01565b6c47b4f0fcd099e3f13c8b329c0c
ppc64le webkit2gtk3-jsc-2.46.1-2.el9_4.ppc64le.rpm 75c05e125fef9746ccd5bda2d15dc9d597e631c73a711554e28c6b21cc1933ae
ppc64le webkit2gtk3-jsc-devel-2.46.1-2.el9_4.ppc64le.rpm 92690a122a038f57197690e59bcd6cc13fa65cde0995baf482edb39b15138671
ppc64le webkit2gtk3-devel-2.46.1-2.el9_4.ppc64le.rpm cb8340dbbeb783500f1895536d461fd4cff35b356268bfab1f5bd005f658f84a
s390x webkit2gtk3-jsc-devel-2.46.1-2.el9_4.s390x.rpm 64ce1c297a162a634e390f2db40e0f131b720db0d8276636646bc271c1d4c09b
s390x webkit2gtk3-devel-2.46.1-2.el9_4.s390x.rpm 9a1591c999175fc803a48347f6809f1c7ad601bb61b128ba4ebc60904ffebe92
s390x webkit2gtk3-jsc-2.46.1-2.el9_4.s390x.rpm a09861b87d50758ccae6560069aeacd46c3e7368a0be58b88029c78ec6683e78
s390x webkit2gtk3-2.46.1-2.el9_4.s390x.rpm d650e2395c2caa81bab9bc6ca8825dea89b8601674cbb727ab9e394d6600d42b
x86_64 webkit2gtk3-jsc-devel-2.46.1-2.el9_4.x86_64.rpm 125c5149e55dfeeb2a235fcbc0f43944b3ccaed797404cd7e75d42ce488bd88e
x86_64 webkit2gtk3-2.46.1-2.el9_4.x86_64.rpm 648c82d2db769736d7f7c90c07999a7c8842dcec6f79bddb66a3621c7be6400a
x86_64 webkit2gtk3-jsc-2.46.1-2.el9_4.x86_64.rpm e27d8a4418aef5c1352f0a311aba61119d9d00082fab303adf8392894865e129
x86_64 webkit2gtk3-devel-2.46.1-2.el9_4.x86_64.rpm f2cfddaf7b0d9f7a58c1abb46d3d8bea9d76841d6793f7a76f96154a1bb0e2bb
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.