{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2024:8180","synopsis":"Important: webkit2gtk3 security update","severity":"SEVERITY_IMPORTANT","topic":"An update is available for webkit2gtk3.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list","description":"WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)\n\n* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)\n\n* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)\n\n* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)\n\n* webkitgtk: Visiting a malicious website may lead to address bar spoofing (CVE-2024-40866)\n\n* webkitgtk: A malicious website may cause unexpected cross-origin behavior (CVE-2024-23271)\n\n* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)\n\n* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-27838)\n\n* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)\n\n* webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-44187)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","solution":null,"affectedProducts":["Rocky Linux 9"],"fixes":[{"ticket":"2301841","sourceBy":"Red 
Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2301841","description":""},{"ticket":"2302067","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2302067","description":""},{"ticket":"2302069","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2302069","description":""},{"ticket":"2302070","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2302070","description":""},{"ticket":"2302071","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2302071","description":""},{"ticket":"2312724","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2312724","description":""},{"ticket":"2314696","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2314696","description":""},{"ticket":"2314698","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2314698","description":""},{"ticket":"2314702","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2314702","description":""},{"ticket":"2314704","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2314704","description":""},{"ticket":"2314706","sourceBy":"Red 
Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2314706","description":""}],"cves":[{"name":"CVE-2024-23271","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-23271","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2024-27820","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-27820","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2024-27838","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-27838","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2024-27851","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-27851","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2024-40776","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-40776","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2024-40779","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-40779","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2024-40780","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-40780","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2024-40782","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-40782","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2024-40789","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-40789","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2024-40866","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvenam
e.cgi?name=CVE-2024-40866","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2024-44187","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-44187","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"}],"references":[],"publishedAt":"2024-10-25T17:17:26.358059Z","rpms":{"Rocky Linux 9":{"nvras":["webkit2gtk3-0:2.46.1-2.el9_4.aarch64.rpm","webkit2gtk3-0:2.46.1-2.el9_4.i686.rpm","webkit2gtk3-0:2.46.1-2.el9_4.ppc64le.rpm","webkit2gtk3-0:2.46.1-2.el9_4.s390x.rpm","webkit2gtk3-0:2.46.1-2.el9_4.src.rpm","webkit2gtk3-0:2.46.1-2.el9_4.x86_64.rpm","webkit2gtk3-debuginfo-0:2.46.1-2.el9_4.aarch64.rpm","webkit2gtk3-debuginfo-0:2.46.1-2.el9_4.ppc64le.rpm","webkit2gtk3-debuginfo-0:2.46.1-2.el9_4.s390x.rpm","webkit2gtk3-debuginfo-0:2.46.1-2.el9_4.x86_64.rpm","webkit2gtk3-debugsource-0:2.46.1-2.el9_4.aarch64.rpm","webkit2gtk3-debugsource-0:2.46.1-2.el9_4.ppc64le.rpm","webkit2gtk3-debugsource-0:2.46.1-2.el9_4.s390x.rpm","webkit2gtk3-debugsource-0:2.46.1-2.el9_4.x86_64.rpm","webkit2gtk3-devel-0:2.46.1-2.el9_4.aarch64.rpm","webkit2gtk3-devel-0:2.46.1-2.el9_4.i686.rpm","webkit2gtk3-devel-0:2.46.1-2.el9_4.ppc64le.rpm","webkit2gtk3-devel-0:2.46.1-2.el9_4.s390x.rpm","webkit2gtk3-devel-0:2.46.1-2.el9_4.x86_64.rpm","webkit2gtk3-devel-debuginfo-0:2.46.1-2.el9_4.aarch64.rpm","webkit2gtk3-devel-debuginfo-0:2.46.1-2.el9_4.ppc64le.rpm","webkit2gtk3-devel-debuginfo-0:2.46.1-2.el9_4.s390x.rpm","webkit2gtk3-devel-debuginfo-0:2.46.1-2.el9_4.x86_64.rpm","webkit2gtk3-jsc-0:2.46.1-2.el9_4.aarch64.rpm","webkit2gtk3-jsc-0:2.46.1-2.el9_4.i686.rpm","webkit2gtk3-jsc-0:2.46.1-2.el9_4.ppc64le.rpm","webkit2gtk3-jsc-0:2.46.1-2.el9_4.s390x.rpm","webkit2gtk3-jsc-0:2.46.1-2.el9_4.x86_64.rpm","webkit2gtk3-jsc-debuginfo-0:2.46.1-2.el9_4.aarch64.rpm","webkit2gtk3-jsc-debuginfo-0:2.46.1-2.el9_4.ppc64le.rpm","webkit2gtk3-jsc-debuginfo-0:2.46.1-2.el9_4.s390x.rpm","webkit2gtk3-jsc-debuginfo-0:2.46.1-2.el9_4.x86_64.rpm","we
bkit2gtk3-jsc-devel-0:2.46.1-2.el9_4.aarch64.rpm","webkit2gtk3-jsc-devel-0:2.46.1-2.el9_4.i686.rpm","webkit2gtk3-jsc-devel-0:2.46.1-2.el9_4.ppc64le.rpm","webkit2gtk3-jsc-devel-0:2.46.1-2.el9_4.s390x.rpm","webkit2gtk3-jsc-devel-0:2.46.1-2.el9_4.x86_64.rpm","webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-2.el9_4.aarch64.rpm","webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-2.el9_4.ppc64le.rpm","webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-2.el9_4.s390x.rpm","webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-2.el9_4.x86_64.rpm"]}},"rebootSuggested":false,"buildReferences":[]}

Rocky Linux: RLSA-2024:8180 webkit2gtk3 security update

October 25, 2024

Summary

An update is available for webkit2gtk3. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.


RPMs

webkit2gtk3-0:2.46.1-2.el9_4.aarch64.rpm

webkit2gtk3-0:2.46.1-2.el9_4.i686.rpm

webkit2gtk3-0:2.46.1-2.el9_4.ppc64le.rpm

webkit2gtk3-0:2.46.1-2.el9_4.s390x.rpm

webkit2gtk3-0:2.46.1-2.el9_4.src.rpm

webkit2gtk3-0:2.46.1-2.el9_4.x86_64.rpm

webkit2gtk3-debuginfo-0:2.46.1-2.el9_4.aarch64.rpm

webkit2gtk3-debuginfo-0:2.46.1-2.el9_4.ppc64le.rpm

webkit2gtk3-debuginfo-0:2.46.1-2.el9_4.s390x.rpm

webkit2gtk3-debuginfo-0:2.46.1-2.el9_4.x86_64.rpm

webkit2gtk3-debugsource-0:2.46.1-2.el9_4.aarch64.rpm

webkit2gtk3-debugsource-0:2.46.1-2.el9_4.ppc64le.rpm

webkit2gtk3-debugsource-0:2.46.1-2.el9_4.s390x.rpm

webkit2gtk3-debugsource-0:2.46.1-2.el9_4.x86_64.rpm

webkit2gtk3-devel-0:2.46.1-2.el9_4.aarch64.rpm

webkit2gtk3-devel-0:2.46.1-2.el9_4.i686.rpm

webkit2gtk3-devel-0:2.46.1-2.el9_4.ppc64le.rpm

webkit2gtk3-devel-0:2.46.1-2.el9_4.s390x.rpm

webkit2gtk3-devel-0:2.46.1-2.el9_4.x86_64.rpm

webkit2gtk3-devel-debuginfo-0:2.46.1-2.el9_4.aarch64.rpm

webkit2gtk3-devel-debuginfo-0:2.46.1-2.el9_4.ppc64le.rpm

webkit2gtk3-devel-debuginfo-0:2.46.1-2.el9_4.s390x.rpm

webkit2gtk3-devel-debuginfo-0:2.46.1-2.el9_4.x86_64.rpm

webkit2gtk3-jsc-0:2.46.1-2.el9_4.aarch64.rpm

webkit2gtk3-jsc-0:2.46.1-2.el9_4.i686.rpm

webkit2gtk3-jsc-0:2.46.1-2.el9_4.ppc64le.rpm

webkit2gtk3-jsc-0:2.46.1-2.el9_4.s390x.rpm

webkit2gtk3-jsc-0:2.46.1-2.el9_4.x86_64.rpm

webkit2gtk3-jsc-debuginfo-0:2.46.1-2.el9_4.aarch64.rpm

webkit2gtk3-jsc-debuginfo-0:2.46.1-2.el9_4.ppc64le.rpm

webkit2gtk3-jsc-debuginfo-0:2.46.1-2.el9_4.s390x.rpm

webkit2gtk3-jsc-debuginfo-0:2.46.1-2.el9_4.x86_64.rpm

webkit2gtk3-jsc-devel-0:2.46.1-2.el9_4.aarch64.rpm

webkit2gtk3-jsc-devel-0:2.46.1-2.el9_4.i686.rpm

webkit2gtk3-jsc-devel-0:2.46.1-2.el9_4.ppc64le.rpm

webkit2gtk3-jsc-devel-0:2.46.1-2.el9_4.s390x.rpm

webkit2gtk3-jsc-devel-0:2.46.1-2.el9_4.x86_64.rpm

webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-2.el9_4.aarch64.rpm

webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-2.el9_4.ppc64le.rpm

webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-2.el9_4.s390x.rpm

webkit2gtk3-jsc-devel-debuginfo-0:2.46.1-2.el9_4.x86_64.rpm

References

No References

CVEs

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23271

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27820

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27838

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27851

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40776

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40779

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40780

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40782

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40789

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40866

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44187

Severity
Name: RLSA-2024:8180
Affected Products: Rocky Linux 9

Fixes

https://bugzilla.redhat.com/show_bug.cgi?id=2301841

https://bugzilla.redhat.com/show_bug.cgi?id=2302067

https://bugzilla.redhat.com/show_bug.cgi?id=2302069

https://bugzilla.redhat.com/show_bug.cgi?id=2302070

https://bugzilla.redhat.com/show_bug.cgi?id=2302071

https://bugzilla.redhat.com/show_bug.cgi?id=2312724

https://bugzilla.redhat.com/show_bug.cgi?id=2314696

https://bugzilla.redhat.com/show_bug.cgi?id=2314698

https://bugzilla.redhat.com/show_bug.cgi?id=2314702

https://bugzilla.redhat.com/show_bug.cgi?id=2314704

https://bugzilla.redhat.com/show_bug.cgi?id=2314706

