Fedora 33 Security Alert: Critical WebKitGTK Code Execution Threat

WebKitGTK is the port of the portable web rendering engine WebKit to the

GTK platform.

This package contains WebKit2 based WebKitGTK for GTK 3.

Update to WebKitGTK 2.30.3: * Fix backdrop filters with rounded borders. *

Fix scrolling iframes when async scrolling is enabled. * Allow applications to

handle drag and drop on the web view again. * Update Outlook user agent quirk.

* Fix several crashes and rendering issues. * Security fixes: CVE-2020-9983,

CVE-2020-13584

* Tue Nov 24 2020 Michael Catanzaro - 2.30.3-1

- Update to 2.30.3

[ 1 ] Bug #1899961 - webkit2gtk3-2.30.3 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1899961

[ 2 ] Bug #1901213 - CVE-2020-13584 webkit2gtk3: webkitgtk: use-after-free may lead to arbitrary code execution [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1901213

[ 3 ] Bug #1901222 - CVE-2020-9983 webkit2gtk3: webkitgtk: out-of-bounds write may lead to code execution [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1901222

su -c 'dnf upgrade --advisory FEDORA-2020-145877bcd3' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/