Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 35: FEDORA-2022-cbd155f714 Critical: Webkit2gtk3 Security Issues

fedora
Calendar Grey February 11, 2022
Dist Fedora Esm H88
Upgrading to webkit2gtk3 version 2.34.5 addresses numerous problems and vital security patches impacting the Fedora 35 release.
Update to 2.34.5: * Improve VP8 codec selection when using GStreamer 1.20

Summary

WebKitGTK is the port of the portable web rendering engine WebKit to the

GTK platform.

This package contains WebKit2 based WebKitGTK for GTK 3.

Update to 2.34.5: * Improve VP8 codec selection when using GStreamer 1.20. *

Fix connecting to the accessibility bus when using the Bubblewrap sandbox. *

Fix links being incorrectly activated when starting a pinch zoom gesture. * Fix

touch-based scrolling. * Fix several crashes and rendering issues. * Security

fixes: CVE-2022-22589, CVE-2022-22590, CVE-2022-22592

* Wed Feb 9 2022 Michael Catanzaro 2.34.5-1

- Update to WebKitGTK 2.34.5

[ 1 ] Bug #2053180 - CVE-2022-22589 webkit2gtk3: webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2053180

[ 2 ] Bug #2053182 - CVE-2022-22590 webkit2gtk3: webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2053182

[ 3 ] Bug #2053186 - CVE-2022-22592 webkit2gtk3: webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2053186

su -c 'dnf upgrade --advisory FEDORA-2022-cbd155f714' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory critical Fedora code execution security fix accessibility webkit2gtk3

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 35
Version: 2.34.5
Release: 1.fc35
URL: https://www.webkitgtk.org/
Summary: GTK Web content engine library

Topics%20covered

Topics Covered

security advisory critical Fedora code execution security fix accessibility webkit2gtk3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here