Fedora 40 Update: webkitgtk-2.48.0-1.fc40
[SECURITY] Fedora 40 Update: webkitgtk-2.48.0-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0c6c204dae
2025-04-04 01:29:45.950918+00:00
--------------------------------------------------------------------------------
Name : webkitgtk
Product : Fedora 40
Version : 2.48.0
Release : 1.fc40
URL : https://www.webkitgtk.org/
Summary : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform.
--------------------------------------------------------------------------------
Update Information:
Upgrade to 2.48.0:
Move tile rendering to worker threads when rendering with the GPU.
Fix preserve-3D intersection rendering.
Added new function for creating Promise objects to the JavaScriptCore GLib API.
The MediaRecorder backend gained WebM support (requires at least GStreamer
1.24.9) and audio bitrate configuration support.
Fix invalid DPI-aware font size conversion.
Bring back support for OpenType-SVG fonts using Skia SVG module.
Add metadata (title and creation/modification date) to the PDF document
generated for printing.
Propagate the font???s computed locale to HarfBuzz.
The GPU process build is now enabled for WebGL, but the web process is still
used by default. The runtime flag UseGPUProcessForWebGL can be used to use the
GPU process for WebGL.
Fix CVE-2025-24201, CVE-2024-44192, CVE-2024-54467
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 18 2025 Michael Catanzaro [mcatanzaro@redhat.com] - 2.48.0-1
- Update to WebKitGTK 2.48.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2352356 - CVE-2025-24201 webkitgtk: out-of-bounds write vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2352356
[ 2 ] Bug #2353875 - CVE-2024-44192 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2353875
[ 3 ] Bug #2353950 - CVE-2024-54467 webkitgtk: A malicious website may exfiltrate data cross-origin [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2353950
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0c6c204dae' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
