Fedora 35: 2022-e7726761c4 Critical: Webkit2gtk3 Memory Handling Issue

WebKitGTK is the port of the portable web rendering engine WebKit to the

GTK platform.

This package contains WebKit2 based WebKitGTK for GTK 3.

* Fix scrolling issues in some sites having fixed background. * Fix prolonged

buffering during progressive live playback. * Fix several crashes and rendering

issues. * Security fixes: CVE-2022-42799, CVE-2022-42823, CVE-2022-42824 ----* Make xdg-dbus-proxy work if host session bus address is an abstract socket. *

Use a single xdg-dbus-proxy process when sandbox is enabled. * Fix high

resolution video playback due to unimplemented changeType operation. * Ensure

GSubprocess uses posix_spawn() again and inherit file descriptors. * Fix player

getting stuck in buffering (paused) state for progressive streaming. * Do not

try to preconnect on link click when link preconnect setting is disabled. * Fix

close status code returned when the client closes a WebSocket in some cases. *

Fix media player duration calculation. * Fix several crashes and rendering

issues.

* Fri Nov 4 2022 Michael Catanzaro 2.38.2-1

- Update to 2.38.2

* Tue Oct 25 2022 Michael Catanzaro 2.38.1-1

- Update to 2.38.1

[ 1 ] Bug #2140510 - CVE-2022-42799 webkit2gtk3: webkitgtk: a issue was addressed with improved UI handling [fedora-35]

https://bugzilla.redhat.com/show_bug.cgi?id=2140510

[ 2 ] Bug #2140516 - CVE-2022-42824 webkit2gtk3: webkitgtk: A logic issue was addressed with improved state management [fedora-35]

https://bugzilla.redhat.com/show_bug.cgi?id=2140516

[ 3 ] Bug #2140522 - CVE-2022-42823 webkit2gtk3: webkitgtk: A type confusion issue was addressed with improved memory handling [fedora-35]

https://bugzilla.redhat.com/show_bug.cgi?id=2140522

su -c 'dnf upgrade --advisory FEDORA-2022-e7726761c4' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it: