
Fedora 40: webkitgtk 2.48.0 critical: multiple security issues

April 4, 2025
Update to webkitgtk 2.48.0 in Fedora 40 to address multiple security issues and improve overall safety.

Summary

WebKitGTK is the port of the WebKit web rendering engine to the GTK platform.

Update Information:

Upgrade to 2.48.0:

* Move tile rendering to worker threads when rendering with the GPU.
* Fix preserve-3D intersection rendering.
* Added new function for creating Promise objects to the JavaScriptCore GLib API.
* The MediaRecorder backend gained WebM support (requires at least GStreamer 1.24.9) and audio bitrate configuration support.
* Fix invalid DPI-aware font size conversion.
* Bring back support for OpenType-SVG fonts using Skia SVG module.
* Add metadata (title and creation/modification date) to the PDF document generated for printing.
* Propagate the font’s computed locale to HarfBuzz.
* The GPU process build is now enabled for WebGL, but the web process is still used by default. The runtime flag UseGPUProcessForWebGL can be used to use the GPU process for WebGL.
* Fix CVE-2025-24201, CVE-2024-44192, CVE-2024-54467.

Change Log

* Tue Mar 18 2025 Michael Catanzaro - 2.48.0-1 - Update to WebKitGTK 2.48.0

References


[ 1 ] Bug #2352356 - CVE-2025-24201 webkitgtk: out-of-bounds write vulnerability [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2352356
[ 2 ] Bug #2353875 - CVE-2024-44192 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2353875
[ 3 ] Bug #2353950 - CVE-2024-54467 webkitgtk: A malicious website may exfiltrate data cross-origin [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2353950

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-0c6c204dae' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
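
To confirm the upgrade took effect, the following added example (not part of the Fedora advisory) lists installed packages built from the webkitgtk source RPM that are still older than 2.48.0-1.fc40. The function names, the sample inventory, and the use of GNU sort -V as an approximation of RPM version ordering are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: flag installed packages built from the webkitgtk source RPM
# that are older than the fixed build named in this advisory.
FIXED_EVR="2.48.0-1.fc40"   # Version-Release taken from the advisory

# Reads lines of "NAME VERSION-RELEASE SOURCERPM" on stdin and prints the
# packages that come from webkitgtk-*.src.rpm and sort below FIXED_EVR.
# Assumption: sort -V (GNU coreutils) approximates RPM ordering; epochs
# are not handled.
find_unpatched() {
    local name evr srpm lowest
    while read -r name evr srpm; do
        case "$srpm" in
            webkitgtk-[0-9]*.src.rpm) ;;   # built from the affected source package
            *) continue ;;
        esac
        [ "$evr" = "$FIXED_EVR" ] && continue
        lowest=$(printf '%s\n%s\n' "$evr" "$FIXED_EVR" | sort -V | head -n 1)
        [ "$lowest" = "$evr" ] && printf '%s %s\n' "$name" "$evr"
    done
    return 0
}

# Constructed sample inventory (not taken from a real host).
sample_inventory() {
    cat <<'EOF'
webkitgtk6.0 2.46.6-1.fc40 webkitgtk-2.46.6-1.fc40.src.rpm
webkit2gtk4.1 2.48.0-1.fc40 webkitgtk-2.48.0-1.fc40.src.rpm
javascriptcoregtk4.1 2.46.6-1.fc40 webkitgtk-2.46.6-1.fc40.src.rpm
bash 5.2.26-3.fc40 bash-5.2.26-3.fc40.src.rpm
EOF
}

# On a live Fedora host, feed the real inventory instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{SOURCERPM}\n' | find_unpatched
```

Empty output means every package built from webkitgtk is at or above the fixed build. Applications that were already running keep the old library loaded until they are restarted.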

Severity
critical

Name: webkitgtk
Product: Fedora 40
Version: 2.48.0
Release: 1.fc40
Summary: GTK web content engine library
