+++ This bug was initially created as a clone of Bug #17662 +++ Upstream has issued an advisory on December 28: http://webkitgtk.org/security/WSA-2015-0002.html Some of the issues have been fixed in the old webkit 2.4.x branch in 2.4.10: http://www.webkitgtk.org/2016/03/14/webkitgtk2.4.10-released.html I talked about this in more detail here: https://ml.mageia.org/l/arc/dev/2016-01/msg00078.html Updated package uploaded for Mageia 5. Advisory: ======================== Updated webkit packages fix security vulnerabilities: The webkit package has been updated to version 2.4.10, fixing several security issues and other bugs. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1076 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1120 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1127 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3727 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928 http://webkitgtk.org/security/WSA-2015-0002.html http://www.webkitgtk.org/2016/03/14/webkitgtk2.4.10-released.html ======================== Updated packages in core/updates_testing: ======================== webkit-2.4.10-1.mga5 webkit1.0-2.4.10-1.mga5 libwebkitgtk1.0_0-2.4.10-1.mga5 libjavascriptcoregtk1.0_0-2.4.10-1.mga5 libwebkitgtk1.0-devel-2.4.10-1.mga5 webkit-gtklauncher-2.4.10-1.mga5 webkit-jsc-2.4.10-1.mga5 webkit3-2.4.10-1.mga5 webkit3.0-2.4.10-1.mga5 libwebkitgtk3.0_0-2.4.10-1.mga5 libjavascriptcoregtk3.0_0-2.4.10-1.mga5 libwebkitgtk3.0-devel-2.4.10-1.mga5 webkit3-gtklauncher-2.4.10-1.mga5 webkit3-jsc-2.4.10-1.mga5 libjavascriptcore-gir1.0-2.4.10-1.mga5 libwebkit-gir1.0-2.4.10-1.mga5 libjavascriptcore-gir3.0-2.4.10-1.mga5 libwebkit-gir3.0-2.4.10-1.mga5 from webkit-2.4.10-1.mga5.src.rpm
Fedora has issued an advisory for this on March 20: https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179133.html
Some of the CVEs in the URL, some here: http://lwn.net/Vulnerabilities/674266/
URL: http://lwn.net/Vulnerabilities/674266/ => http://lwn.net/Vulnerabilities/680797/
MGA5-32 on Acer D620 Xfce No installation issues. Applied same test as per bug16914 Comment3 and got the same result. OK for me.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA5-32-OK
Validating. Advisory todo.
Keywords: (none) => validated_updateWhiteboard: MGA5-32-OK => has_procedure MGA5-32-OKCC: (none) => sysadmin-bugs
CC: (none) => davidwhodginsWhiteboard: has_procedure MGA5-32-OK => has_procedure MGA5-32-OK advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0120.html
Status: NEW => RESOLVEDResolution: (none) => FIXED