Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 38: 2023-5b61346bbe Critical: WebKitGTK Security Fix

fedora
Calendar Grey April 22, 2023
Dist Fedora Esm H88
The recent Fedora WebKitGTK update brings major performance gains and essential security fixes, including CVE-2023-28205, addressing critical vulnerabilities.
* The Bubblewrap sandbox no longer requires setting an application identifier via GApplication to operate correctly

Summary

WebKitGTK is the port of the WebKit web rendering engine to the

GTK platform.

* The Bubblewrap sandbox no longer requires setting an application identifier

via GApplication to operate correctly. Using GApplication is still recommended,

but optional. * Adjust the scrolling speed for mouse wheels to make it feel

more natural. * Allow pasting content using the Asynchronous Clipboard API when

the origin is the same as the clipboard contents. * Improvements to the

GStreamer multimedia playback, in particular around MSE, WebRTC, and seeking. *

Make all supported image types appear in the Accept HTTP header. * Fix text

caret blinking when blinking is disabled in the GTK settings. * Fix default

database quota size definition. * Fix application of all caps tags listed in

the font-feature-settings CSS property. * Fix font height calculations for the

font-size-adjust CSS property. * Fix several crashes and rendering issues. *

Security fixes: CVE-2022-0108, CVE-2022-32885, CVE-2023-25358, CVE-2023-27932,

CVE-2023-27954, CVE-2023-28205

* Wed Apr 19 2023 Michael Catanzaro - 2.40.1-1

- Update to 2.40.1

[ 1 ] Bug #2185729 - CVE-2023-28205 webkitgtk: use-after-free leads to arbitrary code execution [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2185729

su -c 'dnf upgrade --advisory FEDORA-2023-5b61346bbe' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics%20covered

Topics Covered

security advisory security update Fedora code execution critical fix software improvement webkitgtk

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 38
Version: 2.40.1
Release: 1.fc38
URL: https://www.webkitgtk.org/
Summary: GTK web content engine library

Topics%20covered

Topics Covered

security advisory security update Fedora code execution critical fix software improvement webkitgtk

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here