Upstream has issued an advisory on December 19:
https://webkitgtk.org/security/WSA-2017-0010.html

The issues are fixed upstream in 2.18.4:
https://webkitgtk.org/2017/12/19/webkitgtk2.18.4-released.html
Assignee: bugsquad => nicolas.salguero
Whiteboard: (none) => MGA6TOO
Source RPM: (none) => webkit2-2.18.3-1.mga6.src.rpm
Suggested advisory:
========================

Updated webkit2 packages fix security vulnerabilities:

The webkit2 package has been updated to version 2.18.4, fixing several security issues and other bugs.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7156
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13866
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13870
https://webkitgtk.org/security/WSA-2017-0010.html
https://webkitgtk.org/2017/12/19/webkitgtk2.18.4-released.html
http://openwall.com/lists/oss-security/2017/12/19/6
========================

Updated packages in core/updates_testing:
========================
webkit2-2.18.4-1.mga6
webkit2-jsc-2.18.4-1.mga6
lib(64)webkit2gtk4.0_37-2.18.4-1.mga6
lib(64)javascriptcoregtk4.0_18-2.18.4-1.mga6
lib(64)webkit2-devel-2.18.4-1.mga6
lib(64)javascriptcore-gir4.0-2.18.4-1.mga6
lib(64)webkit2gtk-gir4.0-2.18.4-1.mga6

from SRPMS:
webkit2-2.18.4-1.mga6.src.rpm
Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6
Assignee: nicolas.salguero => qa-bugs
Status: NEW => ASSIGNED
MGA6-32 on Dell Latitude D600 MATE
No installation issues

At CLI:
$ strace -o webkit.txt atril
(atril:8385): Gtk-WARNING **: Allocating size to EvSidebar 0x92c2a00 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?

Atril opens and I can read a pdf made by scanning (xsane) two pages from a magazine.
Trace confirms libwebkit2gtk is called.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA6-32-OK
Keywords: (none) => advisory
Testing M6/64

AFTER update:
- lib64javascriptcore-gir4.0-2.18.4-1.mga6.x86_64
- lib64javascriptcoregtk4.0_18-2.18.4-1.mga6.x86_64
- lib64webkit2gtk-gir4.0-2.18.4-1.mga6.x86_64
- lib64webkit2gtk4.0_37-2.18.4-1.mga6.x86_64
- webkit2-2.18.4-1.mga6.x86_64

Using https://bugs.mageia.org/show_bug.cgi?id=21894#c8 as a guide.

Web/Epiphany says: "Epiphany is a GNOME web browser based on the webkit rendering engine." If it has anything to do with this update, I used it extensively without problems (other than outdated certificates).

$ strace atril 2>&1 | grep webkit2
open("/lib64/libwebkit2gtk-4.0.so.37", O_RDONLY|O_CLOEXEC) = 3
read(14, "usr/lib64/libwebkit2gtk-4.0.so.3"..., 1024) = 1024
I opened a long PDF document with images, perfect. It only seems to offer to view PDFs, not .odt or .txt.

$ strace evolution 2>&1 | grep webkit2
open("/usr/lib64/evolution/libwebkit2gtk-4.0.so.37", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib64/libwebkit2gtk-4.0.so.37", O_RDONLY|O_CLOEXEC) = 3
Clicked everything in sight; all seems correct.

$ strace zenity --title="Select a file to remove" --file-selection 2>&1 | grep webkit2
open("/lib64/libwebkit2gtk-4.0.so.37", O_RDONLY|O_CLOEXEC) = 3
Opened a functional file chooser dialogue.

Nothing untoward to prevent an OK & validation.
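
The `strace ... | grep webkit2` checks in the comments above also match failed lookups (`ENOENT`) and unrelated `read()` calls. The following is an added example, not part of the original thread, that reduces a trace to the library paths that were actually opened; the function names `opened_libs` and `sample_trace` are hypothetical, and the sample lines are taken from the output quoted in this thread.

```shell
#!/bin/sh
# Added example: list paths containing PATTERN that a strace log shows as
# successfully opened. Reads strace output on stdin.
# Assumes strace was run without -f (no PID prefix on each line).
opened_libs() {
    pattern=$1
    awk -v pat="$pattern" '
        /^(open|openat)\(/ {
            # The return value is whatever follows the last " = ".
            n = split($0, parts, " = ")
            if (parts[n] ~ /^-1/) next      # failed call, e.g. ENOENT
            # The path is the first double-quoted string on the line.
            if (match($0, /"[^"]*"/)) {
                path = substr($0, RSTART + 1, RLENGTH - 2)
                if (index(path, pat) && !seen[path]++) print path
            }
        }'
}

# Sample input assembled from the strace lines quoted in this thread.
sample_trace() {
    cat <<'EOF'
open("/usr/lib64/evolution/libwebkit2gtk-4.0.so.37", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib64/libwebkit2gtk-4.0.so.37", O_RDONLY|O_CLOEXEC) = 3
read(14, "usr/lib64/libwebkit2gtk-4.0.so.3"..., 1024) = 1024
EOF
}

# Only the successful open() is reported; the ENOENT probe and the read()
# of a cache file are dropped.
sample_trace | opened_libs libwebkit2gtk
```

On a live system the same filter can be fed directly, for example `strace atril 2>&1 | opened_libs libwebkit2gtk`.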
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0005.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED