SUSE-SU-2024:1270-1 -- SLES webkit2gtk3, WebKitGTK-6.0-lang, WebKitGTK-4.1-lang, WebKitGTK-4.0-lang, typelib-1_0-JavaScriptCore-4_0, webkit2gtk4-debugsource, libwebkit2gtk-4_1-0, libwebkitgtk-6_0-4, webkit2gtk-4_0-injected-bundles, typelib-1_0-WebKit2WebExtension-4_0, typelib-1_0-JavaScriptCore-4_1, libjavascriptcoregtk-6_0-1, libjavascriptcoregtk-4_0-18, libwebkit2gtk-4_0-37, libjavascriptcoregtk-4_1-0, webkit2gtk-4_1-injected-bundles, typelib-1_0-WebKit2-4_1, typelib-1_0-WebKit2-4_0, webkitgtk-6_0-injected-bundles, typelib-1_0-WebKit2WebExtension-4_1
This update for webkit2gtk3 fixes the following issues: * CVE-2024-23252: Fixed denial of service via crafted web content . * CVE-2024-23254: Fixed possible audio data exilftration cross-origin via malicious website . * CVE-2024-23263: Fixed lack of Content Security Policy enforcing via malicious crafted web content . * CVE-2024-23280: Fixed possible user fingeprint via malicious crafted web content . * CVE-2024-23284: Fixed lack of Content Security Policy enforcing via malicious crafted web content . * CVE-2023-42950: Fixed arbitrary code execution via crafted web content . * CVE-2023-42956: Fixed denial of service via crafted web content . * CVE-2023-42843: Fixed address bar spoofing via malicious website . Other fixes: * Update to version 2.44.0 : * Make the DOM accessibility tree reachable from UI process with GTK4. * Removed the X11 and WPE renderers in favor of DMA-BUF. * Improved vblank synchronization when rendering. * Removed key event reinjection in GTK4 to make keyboard shortcuts work in web sites. * Fix gamepads detection by correctly handling focused window in GTK4.
|
 |
30479 |
 |
423868 |
 |
250038 |
 |
909 |
 |
195843 |
 |
282 |
