CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK; Attack Complexity: LOW; Authentication: NONE; Confidentiality Impact: PARTIAL; Integrity Impact: PARTIAL; Availability Impact: PARTIAL
CVSS3: 9.8 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: NONE; User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH
AI Score: 8.2 High (Confidence: Low)
EPSS: 0.017 Low (Percentile: 87.7%)
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414)
webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-23213)
webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents (CVE-2014-1745)
webkitgtk: User password may be read aloud by a text-to-speech accessibility feature (CVE-2023-32359)
webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (CVE-2023-39928)
webkitgtk: Processing web content may lead to a denial of service (CVE-2023-41983)
webkitgtk: processing a malicious image may lead to a denial of service (CVE-2023-42883)
webkitgtk: processing malicious web content may lead to arbitrary code execution (CVE-2023-42890)
webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-23206)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.
References:
bugzilla.redhat.com/show_bug.cgi?id=2241400
bugzilla.redhat.com/show_bug.cgi?id=2254326
bugzilla.redhat.com/show_bug.cgi?id=2254327
bugzilla.redhat.com/show_bug.cgi?id=2269743
bugzilla.redhat.com/show_bug.cgi?id=2270141
bugzilla.redhat.com/show_bug.cgi?id=2270143
bugzilla.redhat.com/show_bug.cgi?id=2270151
bugzilla.redhat.com/show_bug.cgi?id=2271449
bugzilla.redhat.com/show_bug.cgi?id=2271453
bugzilla.redhat.com/show_bug.cgi?id=2271456
errata.rockylinux.org/RLSA-2024:2982