Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 528
Alerts This Week
Warning Icon 1 528

Fedora 37 Moderate Advisory: webkitgtk Multiple Security Updates

fedora
Calendar Grey May 1, 2023
Dist Fedora Esm H88
Fedora 37 has rolled out security enhancements focusing on WebKitGTK refinements and bug resolutions. Ensure you utilize dnf to acquire the most recent security updates.
* The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly

Summary

WebKitGTK is the port of the WebKit web rendering engine to the

GTK platform.

* The Bubblewrap sandbox no longer requires setting an application identifier

via GApplication to operate correctly. Using GApplication is still recommended,

but optional. * Adjust the scrolling speed for mouse wheels to make it feel

more natural. * Allow pasting content using the Asynchronous Clipboard API when

the origin is the same as the clipboard contents. * Improvements to the

GStreamer multimedia playback, in particular around MSE, WebRTC, and seeking. *

Make all supported image types appear in the Accept HTTP header. * Fix text

caret blinking when blinking is disabled in the GTK settings. * Fix default

database quota size definition. * Fix application of all caps tags listed in

the font-feature-settings CSS property. * Fix font height calculations for the

font-size-adjust CSS property. * Fix several crashes and rendering issues. *

Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932,

CVE-2023-27954, CVE-2023-28205

* Wed Apr 19 2023 Michael Catanzaro - 2.40.1-1

- Update to 2.40.1

[ 1 ] Bug #2185729 - CVE-2023-28205 webkitgtk: use-after-free leads to arbitrary code execution [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2185729

su -c 'dnf upgrade --advisory FEDORA-2023-a4bbf02a57' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 37
Version: 2.40.1
Release: 1.fc37
Summary: GTK web content engine library

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.