RLSA-2024:9636

Security

Mirrored from RHSA-2024:9636

Issued at: 2024-11-19

Updated at: 2024-11-19

Synopsis

Important: webkit2gtk3 security update

Description

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* chromium-browser: Use after free in ANGLE (CVE-2024-4558)

* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)

* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)

* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)

* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)

* webkitgtk: Visiting a malicious website may lead to address bar spoofing (CVE-2024-40866)

* webkitgtk: A malicious website may cause unexpected cross-origin behavior (CVE-2024-23271)

* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)

* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-27838)

* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)

* webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-44187)

* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)

* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)

* webkitgtk: webkit2gtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2024-44296)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 8 aarch64

Rocky Linux 8 x86_64

Fixes

2279689

2302067

2302069

2302070

2302071

2312724

2314696

2314698

2314702

2314704

2314706

2323263

2323278

2323289

CVEs

CVE-2024-23271

CVE-2024-27820

CVE-2024-27838

CVE-2024-27851

CVE-2024-40779

CVE-2024-40780

CVE-2024-40782

CVE-2024-40789

CVE-2024-40866

CVE-2024-44185

CVE-2024-44187

CVE-2024-44244

CVE-2024-44296

CVE-2024-4558

Affected packages

Rocky Linux 8 aarch64 - AppStream

webkit2gtk3-0:2.46.3-1.el8_10.aarch64.rpm

webkit2gtk3-0:2.46.3-1.el8_10.src.rpm

webkit2gtk3-debuginfo-0:2.46.3-1.el8_10.aarch64.rpm

webkit2gtk3-debugsource-0:2.46.3-1.el8_10.aarch64.rpm

webkit2gtk3-devel-0:2.46.3-1.el8_10.aarch64.rpm

webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_10.aarch64.rpm

webkit2gtk3-jsc-0:2.46.3-1.el8_10.aarch64.rpm

webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_10.aarch64.rpm

webkit2gtk3-jsc-devel-0:2.46.3-1.el8_10.aarch64.rpm

webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_10.aarch64.rpm

Rocky Linux 8 x86_64 - AppStream

webkit2gtk3-0:2.46.3-1.el8_10.i686.rpm

webkit2gtk3-0:2.46.3-1.el8_10.src.rpm

webkit2gtk3-0:2.46.3-1.el8_10.x86_64.rpm

webkit2gtk3-debuginfo-0:2.46.3-1.el8_10.i686.rpm

webkit2gtk3-debuginfo-0:2.46.3-1.el8_10.x86_64.rpm

webkit2gtk3-debugsource-0:2.46.3-1.el8_10.i686.rpm

webkit2gtk3-debugsource-0:2.46.3-1.el8_10.x86_64.rpm

webkit2gtk3-devel-0:2.46.3-1.el8_10.i686.rpm

webkit2gtk3-devel-0:2.46.3-1.el8_10.x86_64.rpm

webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_10.i686.rpm

webkit2gtk3-devel-debuginfo-0:2.46.3-1.el8_10.x86_64.rpm

webkit2gtk3-jsc-0:2.46.3-1.el8_10.i686.rpm

webkit2gtk3-jsc-0:2.46.3-1.el8_10.x86_64.rpm

webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_10.i686.rpm

webkit2gtk3-jsc-debuginfo-0:2.46.3-1.el8_10.x86_64.rpm

webkit2gtk3-jsc-devel-0:2.46.3-1.el8_10.i686.rpm

webkit2gtk3-jsc-devel-0:2.46.3-1.el8_10.x86_64.rpm

webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_10.i686.rpm

webkit2gtk3-jsc-devel-debuginfo-0:2.46.3-1.el8_10.x86_64.rpm