Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Fedora 36: 2022-e883576e1c Moderate: Webkit2gtk3 Memory Flaw

fedora
Calendar Grey June 4, 2022
Dist Fedora Esm H88
Upgrade Fedora 36 by integrating the latest webkit2gtk3 enhancements to boost video playback quality, rectifying security vulnerabilities for an overall performance increase.
Update to 2.36.3: * Support capturing already encoded video streams, which takes advantage of encoding done in hardware by devices which support this feature

Summary

WebKitGTK is the port of the portable web rendering engine WebKit to the

GTK platform.

This package contains WebKit2 based WebKitGTK for GTK 3.

Update to 2.36.3: * Support capturing already encoded video streams, which

takes advantage of encoding done in hardware by devices which support this

feature. * Avoid using experimental GStreamer elements for video demuxing. *

Avoid using the legacy GStreamer VA-API decoding plug-ins, which often cause

rendering issues and are not much maintained. Their usage can be re-enabled

setting WEBKIT_GST_ENABLE_LEGACY_VAAPI=1 in the environment. * Fix playback of

YouTube streams which use dynamic ad insertion. * Fix display capture with

Pipewire. * Fix several crashes and rendering issues.

* Thu Jun 2 2022 Michael Catanzaro 2.36.3-1

- Update to 3.36.3

* Wed May 18 2022 Michael Catanzaro 2.36.2-1

- Update to 2.36.2

[ 1 ] Bug #2092732 - CVE-2022-26700 webkitgtk: Processing maliciously crafted web content may lead to code execution

https://bugzilla.redhat.com/show_bug.cgi?id=2092732

[ 2 ] Bug #2092733 - CVE-2022-26709 webkitgtk: Processing maliciously crafted web content may lead to use-after-free issue

https://bugzilla.redhat.com/show_bug.cgi?id=2092733

[ 3 ] Bug #2092734 - CVE-2022-26716 webkitgtk: Processing maliciously crafted web content may lead to memory corruption

https://bugzilla.redhat.com/show_bug.cgi?id=2092734

[ 4 ] Bug #2092735 - CVE-2022-26717 webkitgtk: Processing maliciously crafted web content may lead to use after free issue

https://bugzilla.redhat.com/show_bug.cgi?id=2092735

su -c 'dnf upgrade --advisory FEDORA-2022-e883576e1c' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory moderate Fedora code execution memory flaw use-after-free webkit2gtk3

Change Log

References

Update Instructions

Product: Fedora 36
Version: 2.36.3
Release: 1.fc36
URL: https://www.webkitgtk.org/
Summary: GTK Web content engine library

Topics%20covered

Topics Covered

security advisory moderate Fedora code execution memory flaw use-after-free webkit2gtk3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here