Stay Secure with the Latest Linux Advisories

security advisorycriticalFedora

Fedora 28: FEDORA-2018-97c58e29e4 critical: web security issue

This update addresses the following vulnerabilities: * [CVE-2018-4200](https://www.cve.org/CVERecord?id=CVE-2018-4200) Additional fixes: * Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors. * Properly close the connection to the nested wayland compositor in the Web Process. * Avoid painting backing. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-97c58e29e4 2018-05-11 21:12:37.978975 --------------------------------------------------------------------------------Name : webkit2gtk3 Product : Fedora 28 Version : 2.20.2 Release : 1.fc28 URL : https://www.webkitgtk.org/ Summary : GTK+ Web content engine library Description : WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKit2 based WebKitGTK+ for GTK+ 3. --------------------------------------------------------------------------------Update Information: This update addresses the following vulnerabilities: * [CVE-2018-4200](https://www.cve.org/CVERecord?id=CVE-2018-4200) Additional fixes: * Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors. * Properly close the connection to the nested wayland compositor in the Web Process. * Avoid painting backing stores for zero-opacity layers. * Fix downloads started by context menu failing in some websites due to missing user agent HTTP header. * Fix video unpause when GStreamerGL is disabled. * Fix several GObject introspection annotations. * Update user agent quirks to fix Outlook.com and Chase.com. * Fix several crashes and rendering issues. --------------------------------------------------------------------------------ChangeLog: * Wed May 9 2018 Tomas Popela - 2.20.2-1 - Update to 2.20.2 --------------------------------------------------------------------------------This update can be installed with the "dnf"update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-97c58e29e4' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. . This Fedora upgrade addresses vulnerabilities in WebKitGTK+ and improves online safety as well as overall system resilience.. Fedora Security Update, WebKitGTK+ Enhancements, TLS Error Management. . Severity: Critical. LinuxSecurity.com Team

May 11, 2018 •Critical Fedora