Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 27: 2018-93ba62d099 Critical: webkitgtk4 DoS Threat

fedora
Calendar Grey May 15, 2018
Dist Fedora Esm H88
Security notice for Fedora 27 highlighting urgent vulnerabilities within webkitgtk4, which encompass Denial of Service (DoS) threats and errors in TLS validation.
This update addresses the following vulnerabilities: * [CVE-2018-4200](https://www.cve.org/CVERecord?id=CVE-2018-4200) Additional fixes: * Do TLS error checking on GTlsConnection::...

Summary

WebKitGTK+ is the port of the portable web rendering engine WebKit to the

GTK+ platform.

This package contains WebKitGTK+ for GTK+ 3.

This update addresses the following vulnerabilities: *

[CVE-2018-4200](https://www.cve.org/CVERecord?id=CVE-2018-4200)

Additional fixes: * Do TLS error checking on GTlsConnection::accept-certificate

to finish the load earlier in case of errors. * Properly close the connection to

the nested wayland compositor in the Web Process. * Avoid painting backing

stores for zero-opacity layers. * Fix downloads started by context menu failing

in some websites due to missing user agent HTTP header. * Fix video unpause when

GStreamerGL is disabled. * Fix several GObject introspection annotations. *

Update user agent quirks to fix Outlook.com and Chase.com. * Fix several crashes

and rendering issues.

* Wed May 9 2018 Tomas Popela - 2.20.2-1

- Update to 2.20.2

* Tue Apr 10 2018 Tomas Popela - 2.20.1-1

- Update to 2.20.1

* Mon Mar 12 2018 Tomas Popela - 2.20.0-1

- Update to 2.20.0

* Wed Jan 24 2018 Tomas Popela - 2.18.6-1

- Update to 2.18.6

* Wed Jan 10 2018 Tomas Popela - 2.18.5-1

- Update to 2.18.5

* Tue Dec 19 2017 Tomas Popela - 2.18.4-1

- Update to 2.18.4

* Mon Nov 13 2017 Tomas Popela - 2.18.3-1

- Update to 2.18.3

* Thu Nov 2 2017 Kalev Lember - 2.18.2-2

- Fix gir directory ownership

* Fri Oct 27 2017 Tomas Popela - 2.18.2-1

- Update to 2.18.2

* Wed Oct 18 2017 Tomas Popela - 2.18.1-1

- Update to 2.18.1

su -c 'dnf upgrade --advisory FEDORA-2018-93ba62d099' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory critical issue fedora DoS webkitgtk4 TLS error

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 27
Version: 2.20.2
Release: 1.fc27
URL: https://www.webkitgtk.org/
Summary: GTK+ Web content engine library

Topics%20covered

Topics Covered

security advisory critical issue fedora DoS webkitgtk4 TLS error

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here