Lucene search

K
redhatRedHatRHSA-2024:2982
HistoryMay 22, 2024 - 6:35 a.m.

(RHSA-2024:2982) Important: webkit2gtk3 security update

2024-05-2206:35:16
access.redhat.com
7
security update
webkitgtk
gtk platform
arbitrary code execution
denial of service
memory disclosure
cve page
red hat enterprise linux 8.10
release notes

8 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.7%

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

  • webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414)

  • webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)

  • webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-23213)

  • webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents (CVE-2014-1745)

  • webkitgtk: User password may be read aloud by a text-to-speech accessibility feature (CVE-2023-32359)

  • webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (CVE-2023-39928)

  • webkitgtk: Processing web content may lead to a denial of service (CVE-2023-41983)

  • webkitgtk: processing a malicious image may lead to a denial of service (CVE-2023-42883)

  • webkitgtk: processing malicious web content may lead to arbitrary code execution (CVE-2023-42890)

  • webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-23206)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.