RLSA-2024:8180

Security
Mirrored from RHSA-2024:8180
Issued at: 2024-10-25
Updated at: 2024-10-25

Synopsis

Important: webkit2gtk3 security update



Description

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)

* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)

* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)

* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)

* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)

* webkitgtk: Visiting a malicious website may lead to address bar spoofing (CVE-2024-40866)

* webkitgtk: A malicious website may cause unexpected cross-origin behavior (CVE-2024-23271)

* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)

* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-27838)

* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)

* webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-44187)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

* Rocky Linux 9 aarch64
* Rocky Linux 9 ppc64le
* Rocky Linux 9 s390x
* Rocky Linux 9 x86_64

Fixes

2301841, 2302067, 2302069, 2302070, 2302071, 2312724, 2314696, 2314698, 2314702, 2314704, 2314706

CVEs

CVE-2024-23271, CVE-2024-27820, CVE-2024-27838, CVE-2024-27851, CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40789, CVE-2024-40866, CVE-2024-44187

Affected packages

Rocky Linux 9 aarch64 - AppStream

* webkit2gtk3-0:2.46.1-2.el9_4.aarch64.rpm
* webkit2gtk3-0:2.46.1-2.el9_4.src.rpm
* webkit2gtk3-debuginfo-0:2.46.1-2.el9_4.aarch64.rpm
* webkit2gtk3-debugsource-0:2.46.1-2.el9_4.aarch64.rpm
* webkit2gtk3-devel-0:2.46.1-2.el9_4.aarch64.rpm
* webkit2gtk3-devel-debuginfo-0:2.46.1-2.el9_4.aarch64.rpm
* webkit2gtk3-jsc-0:2.46.1-2.el9_4.aarch64.rpm
* webkit2gtk3-jsc-debuginfo-0:2.46.1-2.el9_4.aarch64.rpm
* webkit2gtk3-jsc-devel-0:2.46.1-2.el9_4.aarch64.rpm
* webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-2.el9_4.aarch64.rpm

Rocky Linux 9 x86_64 - AppStream

* webkit2gtk3-0:2.46.1-2.el9_4.i686.rpm
* webkit2gtk3-0:2.46.1-2.el9_4.src.rpm
* webkit2gtk3-0:2.46.1-2.el9_4.x86_64.rpm
* webkit2gtk3-debuginfo-0:2.46.1-2.el9_4.x86_64.rpm
* webkit2gtk3-debugsource-0:2.46.1-2.el9_4.x86_64.rpm
* webkit2gtk3-devel-0:2.46.1-2.el9_4.i686.rpm
* webkit2gtk3-devel-0:2.46.1-2.el9_4.x86_64.rpm
* webkit2gtk3-devel-debuginfo-0:2.46.1-2.el9_4.x86_64.rpm
* webkit2gtk3-jsc-0:2.46.1-2.el9_4.i686.rpm
* webkit2gtk3-jsc-0:2.46.1-2.el9_4.x86_64.rpm
* webkit2gtk3-jsc-debuginfo-0:2.46.1-2.el9_4.x86_64.rpm
* webkit2gtk3-jsc-devel-0:2.46.1-2.el9_4.i686.rpm
* webkit2gtk3-jsc-devel-0:2.46.1-2.el9_4.x86_64.rpm
* webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-2.el9_4.x86_64.rpm

Rocky Linux 9 ppc64le - AppStream

* webkit2gtk3-0:2.46.1-2.el9_4.ppc64le.rpm
* webkit2gtk3-0:2.46.1-2.el9_4.src.rpm
* webkit2gtk3-debuginfo-0:2.46.1-2.el9_4.ppc64le.rpm
* webkit2gtk3-debugsource-0:2.46.1-2.el9_4.ppc64le.rpm
* webkit2gtk3-devel-0:2.46.1-2.el9_4.ppc64le.rpm
* webkit2gtk3-devel-debuginfo-0:2.46.1-2.el9_4.ppc64le.rpm
* webkit2gtk3-jsc-0:2.46.1-2.el9_4.ppc64le.rpm
* webkit2gtk3-jsc-debuginfo-0:2.46.1-2.el9_4.ppc64le.rpm
* webkit2gtk3-jsc-devel-0:2.46.1-2.el9_4.ppc64le.rpm
* webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-2.el9_4.ppc64le.rpm

Rocky Linux 9 s390x - AppStream

* webkit2gtk3-0:2.46.1-2.el9_4.s390x.rpm
* webkit2gtk3-0:2.46.1-2.el9_4.src.rpm
* webkit2gtk3-debuginfo-0:2.46.1-2.el9_4.s390x.rpm
* webkit2gtk3-debugsource-0:2.46.1-2.el9_4.s390x.rpm
* webkit2gtk3-devel-0:2.46.1-2.el9_4.s390x.rpm
* webkit2gtk3-devel-debuginfo-0:2.46.1-2.el9_4.s390x.rpm
* webkit2gtk3-jsc-0:2.46.1-2.el9_4.s390x.rpm
* webkit2gtk3-jsc-debuginfo-0:2.46.1-2.el9_4.s390x.rpm
* webkit2gtk3-jsc-devel-0:2.46.1-2.el9_4.s390x.rpm
* webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-2.el9_4.s390x.rpm