(RHSA-2024:2982) Important: webkit2gtk3 security update

2024-05-2206:35:16

access.redhat.com

security update

webkitgtk

gtk platform

arbitrary code execution

denial of service

memory disclosure

cve page

red hat enterprise linux 8.10

release notes

8 High

AI Score

Confidence

Low

0.017 Low

EPSS

Percentile

87.7%

JSON

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-40414)
webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2023-42852)
webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-23213)
webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents (CVE-2014-1745)
webkitgtk: User password may be read aloud by a text-to-speech accessibility feature (CVE-2023-32359)
webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (CVE-2023-39928)
webkitgtk: Processing web content may lead to a denial of service (CVE-2023-41983)
webkitgtk: processing a malicious image may lead to a denial of service (CVE-2023-42883)
webkitgtk: processing malicious web content may lead to arbitrary code execution (CVE-2023-42890)
webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-23206)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8ppc64lewebkit2gtk3-debuginfo< 2.42.5-1.el8webkit2gtk3-debuginfo-2.42.5-1.el8.ppc64le.rpm
RedHat8x86_64webkit2gtk3-debugsource< 2.42.5-1.el8webkit2gtk3-debugsource-2.42.5-1.el8.x86_64.rpm
RedHat8s390xwebkit2gtk3-devel< 2.42.5-1.el8webkit2gtk3-devel-2.42.5-1.el8.s390x.rpm
RedHat8aarch64webkit2gtk3-jsc-devel< 2.42.5-1.el8webkit2gtk3-jsc-devel-2.42.5-1.el8.aarch64.rpm
RedHat8ppc64lewebkit2gtk3-jsc< 2.42.5-1.el8webkit2gtk3-jsc-2.42.5-1.el8.ppc64le.rpm
RedHat8i686webkit2gtk3-jsc-devel< 2.42.5-1.el8webkit2gtk3-jsc-devel-2.42.5-1.el8.i686.rpm
RedHat8aarch64webkit2gtk3-debugsource< 2.42.5-1.el8webkit2gtk3-debugsource-2.42.5-1.el8.aarch64.rpm
RedHat8s390xwebkit2gtk3< 2.42.5-1.el8webkit2gtk3-2.42.5-1.el8.s390x.rpm
RedHat8aarch64webkit2gtk3-devel< 2.42.5-1.el8webkit2gtk3-devel-2.42.5-1.el8.aarch64.rpm
RedHat8x86_64webkit2gtk3-jsc< 2.42.5-1.el8webkit2gtk3-jsc-2.42.5-1.el8.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	ppc64le	webkit2gtk3-debuginfo	< 2.42.5-1.el8	webkit2gtk3-debuginfo-2.42.5-1.el8.ppc64le.rpm
RedHat	8	x86_64	webkit2gtk3-debugsource	< 2.42.5-1.el8	webkit2gtk3-debugsource-2.42.5-1.el8.x86_64.rpm
RedHat	8	s390x	webkit2gtk3-devel	< 2.42.5-1.el8	webkit2gtk3-devel-2.42.5-1.el8.s390x.rpm
RedHat	8	aarch64	webkit2gtk3-jsc-devel	< 2.42.5-1.el8	webkit2gtk3-jsc-devel-2.42.5-1.el8.aarch64.rpm
RedHat	8	ppc64le	webkit2gtk3-jsc	< 2.42.5-1.el8	webkit2gtk3-jsc-2.42.5-1.el8.ppc64le.rpm
RedHat	8	i686	webkit2gtk3-jsc-devel	< 2.42.5-1.el8	webkit2gtk3-jsc-devel-2.42.5-1.el8.i686.rpm
RedHat	8	aarch64	webkit2gtk3-debugsource	< 2.42.5-1.el8	webkit2gtk3-debugsource-2.42.5-1.el8.aarch64.rpm
RedHat	8	s390x	webkit2gtk3	< 2.42.5-1.el8	webkit2gtk3-2.42.5-1.el8.s390x.rpm
RedHat	8	aarch64	webkit2gtk3-devel	< 2.42.5-1.el8	webkit2gtk3-devel-2.42.5-1.el8.aarch64.rpm
RedHat	8	x86_64	webkit2gtk3-jsc	< 2.42.5-1.el8	webkit2gtk3-jsc-2.42.5-1.el8.x86_64.rpm