WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. The following packages have been upgraded to a later upstream version: webkit2gtk3 . Security Fix: * webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free * webkitgtk: Use-after-free leading to arbitrary code execution * webkitgtk: Type confusion issue leading to arbitrary code execution * webkitgtk: Logic issue leading to HSTS bypass * webkitgtk: Memory corruption issue leading to arbitrary code execution * webkitgtk: Memory corruption issue leading to arbitrary code execution * webkitgtk: Multiple memory corruption issue leading to arbitrary code execution * webkitgtk: Memory corruption issue leading to arbitrary code execution * webkitgtk: Logic issue leading to Content Security Policy bypass * webkitgtk: Information leak via Content Security Policy reports * webkitgtk: Buffer overflow leading to arbitrary code execution * webkitgtk: Logic issue leading to universal cross-site scripting * webkitgtk: Cross-origin data exfiltration via resource timing API * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution * webkitgtk: Incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create * webkitgtk: use-after-free in WebCore::ContainerNode::firstChild * webkitgtk: use-after-free in WebCore::Frame::page * webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript * webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution * webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced * webkitgtk: A malicious website may exfiltrate data cross-origin * webkitgtk: logic issue was addressed with improved state management * webkitgtk: Out-of-bounds read leading to memory disclosure * webkitgtk: CSS compositing issue leading to revealing of the browsing history For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.6 Release Notes linked from the References section.