Alerts This Week
Warning Icon 1 1,009
Alerts This Week
Warning Icon 1 1,009

Fedora 41: FEDORA-2024-92d80d7f9a high: WebKitGTK Cross-Origin Risks

fedora
Calendar Grey October 10, 2024
Dist Fedora Esm H88
Fedora 41 has released a WebKitGTK security advisory addressing significant vulnerabilities, including threats related to cross-origin data leaks and potential code execution exploits.
Update to 2.46.1

Summary

WebKitGTK is the port of the WebKit web rendering engine to the

GTK platform. This package contains WebKitGTK for GTK 3 and libsoup 2.

Update Information:

Update to 2.46.1

Topics%20covered

Topics Covered

security advisory fedora update code execution xss cross-origin webkit2gtk

Change Log

* Thu Oct 3 2024 Michael Catanzaro - 2.46.1-2 - Add patch to fix build with LLVM 19 * Tue Oct 1 2024 Pete Walter - 2.46.1-1 - Update to 2.46.1 * Tue Oct 1 2024 Pete Walter - 2.46.0-2 - Add missing sysprof-capture-4 BuildRequires * Wed Sep 18 2024 Pete Walter - 2.46.0-1 - Update to 2.46.0

References


[ 1 ] Bug #2314731 - CVE-2024-44187 webkit2gtk4.0: A malicious website may exfiltrate data cross-origin [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2314731 [ 2 ] Bug #2314733 - CVE-2024-40857 webkit2gtk4.0: Processing maliciously crafted web content may lead to universal cross site scripting [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2314733 [ 3 ] Bug #2314743 - CVE-2024-27851 webkit2gtk4.0: Processing maliciously crafted web content may lead to arbitrary code execution [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2314743 [ 4 ] Bug #2314747 - CVE-2024-23271 webkit2gtk4.0: A malicious website may cause unexpected cross-origin behavior [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2314747 [ 5 ] Bug #2314749 - CVE-2024-27838 webkit2gtk4.0: A maliciously crafted webpage may be able to fingerprint the user [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2314749 [ 6 ] Bug #2...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-92d80d7f9a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: webkit2gtk4.0
Product: Fedora 41
Version: 2.46.1
Release: 2.fc41
URL: https://www.webkitgtk.org/
Summary: WebKitGTK for GTK 3 and libsoup 2

Topics%20covered

Topics Covered

security advisory fedora update code execution xss cross-origin webkit2gtk

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here