# Security update for webkit2gtk3

Announcement ID: SUSE-SU-2024:3005-1

Rating: important

References:

* bsc#1228613
* bsc#1228693
* bsc#1228694
* bsc#1228695
* bsc#1228696
* bsc#1228697
* bsc#1228698

Cross-References:

* CVE-2023-40782
* CVE-2024-40776
* CVE-2024-40779
* CVE-2024-40780
* CVE-2024-40785
* CVE-2024-40789
* CVE-2024-40794
* CVE-2024-4558

CVSS scores:

* CVE-2024-40776 ( SUSE ): 8.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
* CVE-2024-40776 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-40776 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2024-40779 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40779 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-40780 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40780 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-40785 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40785 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-40789 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-40794 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves eight vulnerabilities can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.44.3 (bsc#1228696 bsc#1228697 bsc#1228698):

* Fix web process cache suspend/resume when sandbox is enabled.
* Fix accelerated images disappearing after scrolling.
* Fix video flickering with DMA-BUF sink.
* Fix pointer lock on X11.
* Fix movement delta on mouse events in GTK3.
* Undeprecate console message API and make it available in 2022 API.
* Fix several crashes and rendering issues.
* Security fixes: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2023-40782, CVE-2024-40785, CVE-2024-40789, CVE-2024-40794, CVE-2024-4558.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-3005=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3005=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3005=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-3005=1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
  zypper in -t patch SUSE-SLE-WE-12-SP5-2024-3005=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * webkit2gtk3-debugsource-2.44.3-4.12.1
  * webkit2gtk3-devel-2.44.3-4.12.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.44.3-4.12.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * typelib-1_0-WebKit2-4_0-2.44.3-4.12.1
  * webkit2gtk3-debugsource-2.44.3-4.12.1
  * webkit2gtk-4_0-injected-bundles-2.44.3-4.12.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.44.3-4.12.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.44.3-4.12.1
  * libwebkit2gtk-4_0-37-2.44.3-4.12.1
  * typelib-1_0-JavaScriptCore-4_0-2.44.3-4.12.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.44.3-4.12.1
  * libwebkit2gtk-4_0-37-debuginfo-2.44.3-4.12.1
  * libjavascriptcoregtk-4_0-18-2.44.3-4.12.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
  * libwebkit2gtk3-lang-2.44.3-4.12.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * typelib-1_0-WebKit2-4_0-2.44.3-4.12.1
  * webkit2gtk3-debugsource-2.44.3-4.12.1
  * webkit2gtk-4_0-injected-bundles-2.44.3-4.12.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.44.3-4.12.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.44.3-4.12.1
  * libwebkit2gtk-4_0-37-2.44.3-4.12.1
  * typelib-1_0-JavaScriptCore-4_0-2.44.3-4.12.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.44.3-4.12.1
  * libwebkit2gtk-4_0-37-debuginfo-2.44.3-4.12.1
  * libjavascriptcoregtk-4_0-18-2.44.3-4.12.1
* SUSE Linux Enterprise Server 12 SP5 (noarch)
  * libwebkit2gtk3-lang-2.44.3-4.12.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * typelib-1_0-WebKit2-4_0-2.44.3-4.12.1
  * webkit2gtk3-debugsource-2.44.3-4.12.1
  * webkit2gtk-4_0-injected-bundles-2.44.3-4.12.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.44.3-4.12.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.44.3-4.12.1
  * libwebkit2gtk-4_0-37-2.44.3-4.12.1
  * typelib-1_0-JavaScriptCore-4_0-2.44.3-4.12.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.44.3-4.12.1
  * libwebkit2gtk-4_0-37-debuginfo-2.44.3-4.12.1
  * libjavascriptcoregtk-4_0-18-2.44.3-4.12.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
  * libwebkit2gtk3-lang-2.44.3-4.12.1
* SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  * libjavascriptcoregtk-4_0-18-32bit-2.44.3-4.12.1

## References:

* https://www.suse.com/security/cve/CVE-2023-40782.html
* https://www.suse.com/security/cve/CVE-2024-40776.html
* https://www.suse.com/security/cve/CVE-2024-40779.html
* https://www.suse.com/security/cve/CVE-2024-40780.html
* https://www.suse.com/security/cve/CVE-2024-40785.html
* https://www.suse.com/security/cve/CVE-2024-40789.html
* https://www.suse.com/security/cve/CVE-2024-40794.html
* https://www.suse.com/security/cve/CVE-2024-4558.html
* https://bugzilla.suse.com/show_bug.cgi?id=1228613
* https://bugzilla.suse.com/show_bug.cgi?id=1228693
* https://bugzilla.suse.com/show_bug.cgi?id=1228694
* https://bugzilla.suse.com/show_bug.cgi?id=1228695
* https://bugzilla.suse.com/show_bug.cgi?id=1228696
* https://bugzilla.suse.com/show_bug.cgi?id=1228697
* https://bugzilla.suse.com/show_bug.cgi?id=1228698

LinuxSecurity.com Team

--------------------------------------------------------------------------------

Fedora Update Notification
FEDORA-2017-37f68e3534
2017-07-25 15:00:33.871654

--------------------------------------------------------------------------------

Name : webkitgtk4
Product : Fedora 24
Version : 2.16.5
Release : 1.fc24
URL : https://www.webkitgtk.org/
Summary : GTK+ Web content engine library
Description : WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3.

--------------------------------------------------------------------------------

Update Information:

This update addresses the following vulnerabilities:

* [CVE-2017-2538](https://www.cve.org/CVERecord?id=CVE-2017-2538)

Additional fixes:

* Fix web process deadlock when seeking youtube videos.
* Fix blob downloads.
* Improve theme rendering performance when using GTK+ >= 3.20.
* Fix positioning of popup menus in Wayland.
* Fix JavaScriptCore crashes on big-endian architectures
* Fix a web process crash when page finishes loading in several web sites.
* Fix the menu of select elements not showing in some cases under Wayland.
* Fix several crashes and rendering issues.

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade webkitgtk4' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------

Fedora Update Notification
FEDORA-2017-bff1b87765
2017-07-07 01:58:53.100758

--------------------------------------------------------------------------------

Name : webkitgtk4
Product : Fedora 25
Version : 2.16.5
Release : 1.fc25
URL : https://www.webkitgtk.org/
Summary : GTK+ Web content engine library
Description : WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3.

--------------------------------------------------------------------------------

Update Information:

This update addresses the following vulnerabilities:

* [CVE-2017-2538](https://www.cve.org/CVERecord?id=CVE-2017-2538)

Additional fixes:

* Fix web process deadlock when seeking youtube videos.
* Fix blob downloads.
* Improve theme rendering performance when using GTK+ >= 3.20.
* Fix positioning of popup menus in Wayland.
* Fix JavaScriptCore crashes on big-endian architectures
* Fix a web process crash when page finishes loading in several web sites.
* Fix the menu of select elements not showing in some cases under Wayland.
* Fix several crashes and rendering issues.

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade webkitgtk4' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

--------------------------------------------------------------------------------

Fedora Update Notification
FEDORA-2017-772bf90b03
2017-06-23 14:18:33.252262

--------------------------------------------------------------------------------

Name : webkitgtk4
Product : Fedora 26
Version : 2.16.4
Release : 1.fc26
URL : https://www.webkitgtk.org/
Summary : GTK+ Web content engine library
Description : WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This package contains WebKitGTK+ for GTK+ 3.

--------------------------------------------------------------------------------

Update Information:

This update addresses the following vulnerabilities:

* [CVE-2017-2538](https://www.cve.org/CVERecord?id=CVE-2017-2538)

Additional fixes:

* Fix web process deadlock when seeking youtube videos.
* Fix blob downloads.
* Improve theme rendering performance when using GTK+ >= 3.20.
* Fix positioning of popup menus in Wayland.
* Fix several crashes and rendering issues.
* Fix JavaScriptCore crashes on big-endian architectures

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade webkitgtk4' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
