Fedora Linux 8783 Published by

A webkitgtk security update has been released for Fedora 37.



[SECURITY] Fedora 37 Update: webkitgtk-2.42.1-1.fc37


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-1536766e9f
2023-10-14 01:26:08.208215
--------------------------------------------------------------------------------

Name : webkitgtk
Product : Fedora 37
Version : 2.42.1
Release : 1.fc37
URL : https://www.webkitgtk.org/
Summary : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform.

--------------------------------------------------------------------------------
Update Information:

* New renderer based on DMA-BUF shared buffers. * Add new permission request
to handle DOM paste access requests. * Add API to configure experimental
features at runtime. * Add API to set the percentage of volume space that can
be used for data storage. * GBM is no longer required for WebGL implementation.
* Security fixes: CVE-2023-39928, CVE-2023-41074, CVE-2023-41993
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 27 2023 Michael Catanzaro [mcatanzaro@redhat.com] - 2.42.1-1
- Update to 2.40.1 and fix GL dependencies
* Fri Sep 15 2023 Michael Catanzaro [mcatanzaro@redhat.com] - 2.42.0-1
- Upgrade to 2.42.0
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2240526 - CVE-2023-41993 webkitgtk: processing malicious web content may lead to arbitrary code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2240526
[ 2 ] Bug #2241401 - CVE-2023-39928 webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2241401
[ 3 ] Bug #2241404 - CVE-2023-35074 webkitgtk: processing web content may lead to arbitrary code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2241404
[ 4 ] Bug #2241413 - CVE-2023-41074 webkitgtk: processing web content may lead to arbitrary code execution [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2241413
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-1536766e9f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------