| Summary: | webkit2 security issues fixed upstream (WSA-2022-0005) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, nicolas.salguero, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | webkit2-2.36.2-1.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
Nicolas Salguero
2022-05-30 09:30:52 CEST
Nicolas Salguero
2022-05-30 09:31:30 CEST
Source RPM:
(none) =>
webkit2-2.36.2-1.mga8.src.rpm Suggested advisory: ======================== Updated webkit2 packages fix several crashes and rendering issues. References: https://webkitgtk.org/2022/05/28/webkitgtk2.36.3-released.html ======================== Updated packages in core/updates_testing: ======================== webkit2-2.36.3-1.mga8 webkit2-jsc-2.36.3-1.mga8 lib(64)webkit2gtk-gir4.0-2.36.3-1.mga8 lib(64)javascriptcore-gir4.0-2.36.3-1.mga8 lib(64)javascriptcoregtk4.0_18-2.36.3-1.mga8 lib(64)webkit2gtk4.0_37-2.36.3-1.mga8 lib(64)webkit2-devel-2.36.3-1.mga8 from SRPM: webkit2-2.36.3-1.mga8.src.rpm Whiteboard:
MGA8TOO =>
(none) Suggested advisory: ======================== Updated webkit2 packages fix security vulnerabilities: The webkit2 package has been updated to version 2.36.3, fixing several security issues and other bugs. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26700 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26709 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26717 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26716 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26719 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30293 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30294 https://webkitgtk.org/2022/05/28/webkitgtk2.36.3-released.html https://webkitgtk.org/security/WSA-2022-0005.html ======================== Updated packages in core/updates_testing: ======================== webkit2-2.36.3-1.mga8 webkit2-jsc-2.36.3-1.mga8 lib(64)webkit2gtk-gir4.0-2.36.3-1.mga8 lib(64)javascriptcore-gir4.0-2.36.3-1.mga8 lib(64)javascriptcoregtk4.0_18-2.36.3-1.mga8 lib(64)webkit2gtk4.0_37-2.36.3-1.mga8 lib(64)webkit2-devel-2.36.3-1.mga8 from SRPM: webkit2-2.36.3-1.mga8.src.rpm QA Contact:
(none) =>
security MGA8-64 Plasma on Lenovo B50 in Dutch No installation issues. Ref bug 30262 for testing. zenity --calendar and atril work OK Good enough for me. CC:
(none) =>
herman.viaene Tested opening Gnome Web (Epiphany) and Evolution in a Gnome vbox guest, simply because we have had problems with them in the recent past. Both are OK. As with all webkit2 3.6.x updates, Bug 30332 remains in effect. While updating webkit2 exposed that issue, and downgrading it removes the problem, it may well be that drakconf is the actual cause. Confirming the OK, and validating. Advisory in Comment 2. Keywords:
(none) =>
validated_update
Dave Hodgins
2022-06-02 22:54:05 CEST
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0218.html Status:
ASSIGNED =>
RESOLVED |