webkit2gtk3-2.46.3-1.el9

エラータID: AXSA:2024-9303:07

Release date: 
Thursday, December 12, 2024 - 20:59
Subject: 
webkit2gtk3-2.46.3-1.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: Visiting a malicious website may lead to address bar spoofing (CVE-2024-40866)
* webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-44187)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44185)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44244)
* webkitgtk: webkit2gtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2024-44296)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-40866
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.
CVE-2024-44185
The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2024-44187
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
CVE-2024-44244
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2024-44296
The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Solution: 

Update packages.

CVEs: 
CVE-2024-40866
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.
CVE-2024-44185
The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2024-44187
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
CVE-2024-44244
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2024-44296
The issue was addressed with improved checks. This issue is fixed in tvOS 18.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, watchOS 11.1, visionOS 2.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Additional Info: 

N/A

Download: 

SRPMS
  1. webkit2gtk3-2.46.3-1.el9.src.rpm
    MD5: 1bd833ad18706c0b4c483d9ce51d760e
    SHA-256: 9c8955898a21809023f66265324928bd885009c1fedb9344b18da248ee598ed8
    Size: 40.87 MB

Asianux Server 9 for x86_64
  1. webkit2gtk3-2.46.3-1.el9.i686.rpm
    MD5: 8aa08e6008472bf7199eb52f3a84a26e
    SHA-256: 9a8ea7fde05e1a24e5ced322a2dec4026cf32fa2b70819b4a9b4fdbece804b43
    Size: 29.82 MB
  2. webkit2gtk3-2.46.3-1.el9.x86_64.rpm
    MD5: 3688120a83a9b9b5f4552ea8ffe8f3b4
    SHA-256: 6a31cc2a18c3eca77463d7e0abd2eeb1bb6bb945bd73705d0ca28bbced3ffc4f
    Size: 24.88 MB
  3. webkit2gtk3-devel-2.46.3-1.el9.i686.rpm
    MD5: d64680d39aba5182cb7d9c8c37718014
    SHA-256: 56b89c996ff8a7cb73f81621edfec3187012dab974cb70ed51aced239c0542d0
    Size: 375.47 kB
  4. webkit2gtk3-devel-2.46.3-1.el9.x86_64.rpm
    MD5: b59276cbc73ef500b7837336848c851e
    SHA-256: 5d1b1c3db856195672109ab138e6c611a8bb0d692969b5d0f29d19298de12d18
    Size: 368.32 kB
  5. webkit2gtk3-jsc-2.46.3-1.el9.i686.rpm
    MD5: a40f8e63e0f88cf05ea035d670b7e592
    SHA-256: c5fd29b02e6362dadda05c13510290c4233822c11b9db7ff9497ce803ffdaa5b
    Size: 4.18 MB
  6. webkit2gtk3-jsc-2.46.3-1.el9.x86_64.rpm
    MD5: 21a9d315e456e4f5457a201a348a7fc0
    SHA-256: ba809beb7d72d0aac01fd8d7f213b1884c6c49e5776e63aec3b176ab177e3f9a
    Size: 4.43 MB
  7. webkit2gtk3-jsc-devel-2.46.3-1.el9.i686.rpm
    MD5: 90b064e207c8aa686970866b47ea5945
    SHA-256: 1188515109157911f7c346e352ab2de4930e67c71cdd5a81dd5c1a3126d1b1d4
    Size: 184.51 kB
  8. webkit2gtk3-jsc-devel-2.46.3-1.el9.x86_64.rpm
    MD5: b44713a84c9a6b3e12140baf71d50df0
    SHA-256: 35b2677af98d5c227b22fa14afcb4c935b6b41ae6a6c6913afc713d46174f9eb
    Size: 170.78 kB