
Fedora 40: FEDORA-2024-2g2d2748e4 Urgent: WebKit Remote Code Exploit

fedora
August 27, 2024
Fedora 40 introduces essential safety patches for webkit2gtk4.0, addressing multiple security flaws.
Update to 2.44.3

Summary

WebKitGTK is the port of the WebKit web rendering engine to the GTK platform. This package contains WebKitGTK for GTK 3 and libsoup 2.

Update Information:

Update to 2.44.3

Change Log

* Fri Aug 16 2024 Michael Catanzaro - 2.44.3-2
- Add patch to fix WebAssembly
* Wed Aug 14 2024 Pete Walter - 2.44.3-1
- Update to 2.44.3
* Sat Jul 20 2024 Fedora Release Engineering - 2.44.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue Jun 18 2024 Michael Catanzaro - 2.44.2-2
- Add patch to fix excessive CPU usage
* Tue Jun 18 2024 Pete Walter - 2.44.2-1
- Update to 2.44.2

References


[ 1 ] Bug #2282416 - CVE-2024-27834 webkit2gtk4.0: webkit: pointer authentication bypass [fedora-rawhide]
      https://bugzilla.redhat.com/show_bug.cgi?id=2282416
[ 2 ] Bug #2301845 - CVE-2024-40776 webkit2gtk4.0: Use after free may lead to Remote Code Execution [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2301845
[ 3 ] Bug #2302091 - CVE-2024-40782 webkit2gtk4.0: Use after free may lead to Remote Code Execution [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2302091
[ 4 ] Bug #2302092 - CVE-2024-40780 webkit2gtk4.0: Out-of-bounds read was addressed with improved bounds checking [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2302092
[ 5 ] Bug #2302098 - CVE-2024-40779 webkit2gtk4.0: Out-of-bounds read was addressed with improved bounds checking [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2302098
[ 6 ] Bug #2302105 - CVE-2024-40789 webkit2gtk4.0: Processing maliciously crafted web con...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-1f1c0537d3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical

Name: webkit2gtk4.0
Product: Fedora 40
Version: 2.44.3
Release: 2.fc40
Summary: WebKitGTK for GTK 3 and libsoup 2
