What Are You Looking For?

Sign Up
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-1536766e9f
2023-10-14 01:26:08.208215
--------------------------------------------------------------------------------

Name        : webkitgtk
Product     : Fedora 37
Version     : 2.42.1
Release     : 1.fc37
URL         : https://www.webkitgtk.org/
Summary     : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform.

--------------------------------------------------------------------------------
Update Information:

 * New renderer based on DMA-BUF shared buffers.  * Add new permission request
to handle DOM paste access requests.  * Add API to configure experimental
features at runtime.  * Add API to set the percentage of volume space that can
be used for data storage.  * GBM is no longer required for WebGL implementation.
* Security fixes: CVE-2023-39928, CVE-2023-41074, CVE-2023-41993
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 27 2023 Michael Catanzaro  - 2.42.1-1
- Update to 2.40.1 and fix GL dependencies
* Fri Sep 15 2023 Michael Catanzaro  - 2.42.0-1
- Upgrade to 2.42.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2240526 - CVE-2023-41993 webkitgtk: processing malicious web content may lead to arbitrary code execution [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2240526
  [ 2 ] Bug #2241401 - CVE-2023-39928 webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2241401
  [ 3 ] Bug #2241404 - CVE-2023-35074 webkitgtk: processing web content may lead to arbitrary code execution [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2241404
  [ 4 ] Bug #2241413 - CVE-2023-41074 webkitgtk: processing web content may lead to arbitrary code execution [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2241413
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-1536766e9f' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 37: webkitgtk 2023-1536766e9f

October 14, 2023
* New renderer based on DMA-BUF shared buffers

Summary

WebKitGTK is the port of the WebKit web rendering engine to the

GTK platform.

Update Information:

* New renderer based on DMA-BUF shared buffers. * Add new permission request to handle DOM paste access requests. * Add API to configure experimental features at runtime. * Add API to set the percentage of volume space that can be used for data storage. * GBM is no longer required for WebGL implementation. * Security fixes: CVE-2023-39928, CVE-2023-41074, CVE-2023-41993

Change Log

* Wed Sep 27 2023 Michael Catanzaro - 2.42.1-1 - Update to 2.40.1 and fix GL dependencies * Fri Sep 15 2023 Michael Catanzaro - 2.42.0-1 - Upgrade to 2.42.0

References

[ 1 ] Bug #2240526 - CVE-2023-41993 webkitgtk: processing malicious web content may lead to arbitrary code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2240526 [ 2 ] Bug #2241401 - CVE-2023-39928 webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2241401 [ 3 ] Bug #2241404 - CVE-2023-35074 webkitgtk: processing web content may lead to arbitrary code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2241404 [ 4 ] Bug #2241413 - CVE-2023-41074 webkitgtk: processing web content may lead to arbitrary code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2241413

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-1536766e9f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : webkitgtk
Product : Fedora 37
Version : 2.42.1
Release : 1.fc37
URL : https://www.webkitgtk.org/
Summary : GTK web content engine library

Related News

New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs

Nov 15, 2023

Learn About the Best Features of Kali Linux

Nov 13, 2023

Remotely Exploitable ClamAV DoS Bug Discovered & Fixed

Aug 31, 2023

Remotely Exploitable DoS, Request Smuggling Netty Vulns Fixed

May 4, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo