Описание
Important: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
-
webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)
-
webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)
-
webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)
-
webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)
-
webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)
-
webkitgtk: Visiting a malicious website may lead to address bar spoofing (CVE-2024-40866)
-
webkitgtk: A malicious website may cause unexpected cross-origin behavior (CVE-2024-23271)
-
webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)
-
webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-27838)
-
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)
-
webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-44187)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Затронутые продукты
Rocky Linux 9
Ссылки на источники
Исправления
- Red Hat - 2301841
- Red Hat - 2302067
- Red Hat - 2302069
- Red Hat - 2302070
- Red Hat - 2302071
- Red Hat - 2312724
- Red Hat - 2314696
- Red Hat - 2314698
- Red Hat - 2314702
- Red Hat - 2314704
- Red Hat - 2314706
