OVAL

RHSA-2021:4381-01 -- Redhat LibRaw, accountsservice, gdm, gnome-autoar, gnome-calculator, gnome-control-center, gnome-online-accounts, gnome-session, gnome-settings-daemon, gnome-shell, gnome-software, gtk3, mutter, vino, webkit2gtk3, gsettings-desktop-schemas, gtk-update-icon-cache, gnome-classic-session

ID: oval:org.secpod.oval:def:506478
Date: (C)2021-11-22   (M)2024-02-08
Class: PATCH
Family: unix




GNOME is the default desktop environment of Red Hat Enterprise Linux. The following packages have been upgraded to a later upstream version: gdm, webkit2gtk3.

Security Fix:
* webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution
* LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields in identify.cpp
* webkitgtk: Use-after-free leading to arbitrary code execution
* webkitgtk: IFrame sandboxing policy violation
* webkitgtk: Use-after-free leading to arbitrary code execution
* webkitgtk: Type confusion issue leading to arbitrary code execution
* webkitgtk: Access to restricted ports on arbitrary servers via port redirection
* webkitgtk: IFrame sandboxing policy violation
* webkitgtk: Memory corruption issue leading to arbitrary code execution
* webkitgtk: Logic issue leading to arbitrary code execution
* webkitgtk: Logic issue leading to arbitrary code execution
* webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution
* webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution
* webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution
* webkitgtk: Integer overflow leading to arbitrary code execution
* webkitgtk: Memory corruption leading to arbitrary code execution
* webkitgtk: Logic issue leading to leak of sensitive user information
* webkitgtk: Logic issue leading to universal cross site scripting attack
* webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers
* webkitgtk: Memory corruptions leading to arbitrary code execution
* webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack
* webkitgtk: Memory corruptions leading to arbitrary code execution
* webkitgtk: Type confusion leading to arbitrary code execution
* webkitgtk: Use-after-free leading to arbitrary code execution
* webkitgtk: Insufficient checks leading to arbitrary code execution
* webkitgtk: Memory corruptions leading to arbitrary code execution
* webkitgtk: User may be unable to fully delete browsing history
* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory
* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

Platform:
Red Hat Enterprise Linux 8
Product:
LibRaw
accountsservice
gdm
gnome-autoar
gnome-calculator
gnome-control-center
gnome-online-accounts
gnome-session
gnome-settings-daemon
gnome-shell
gnome-software
gtk3
mutter
vino
webkit2gtk3
gsettings-desktop-schemas
gtk-update-icon-cache
gnome-classic-session
Reference:
RHSA-2021:4381-01
CVE-2020-13558
CVE-2020-24870
CVE-2020-27918
CVE-2020-29623
CVE-2020-36241
CVE-2021-1765
CVE-2021-1788
CVE-2021-1789
CVE-2021-1799
CVE-2021-1801
CVE-2021-1844
CVE-2021-1870
CVE-2021-1871
CVE-2021-21775
CVE-2021-21779
CVE-2021-21806
CVE-2021-28650
CVE-2021-30663
CVE-2021-30665
CVE-2021-30682
CVE-2021-30689
CVE-2021-30720
CVE-2021-30734
CVE-2021-30744
CVE-2021-30749
CVE-2021-30758
CVE-2021-30795
CVE-2021-30797
CVE-2021-30799
CPE    17
cpe:/a:freedesktop:accountsservice
cpe:/a:gnome:gnome-software
cpe:/a:webkitgtk:webkit2gtk3
cpe:/o:redhat:enterprise_linux:8
...

© SecPod Technologies