Bug 23189 - webkit2 security issues fixed upstream (WSA-2018-0005)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-32-OK
Keywords: advisory, has_procedure, validated_update
Depends on:
Blocks:
 
Reported: 2018-06-17 00:56 CEST by David Walser
Modified: 2018-07-01 19:18 CEST

See Also:
Source RPM: webkit2-2.20.2-1.mga6.src.rpm
CVE:
Status comment:


Attachments
zenity test script (189 bytes, application/x-shellscript)
2018-06-30 14:53 CEST, Herman Viaene
Sample pdf with hyperlinks (12.05 KB, application/pdf)
2018-06-30 14:54 CEST, Herman Viaene

Description David Walser 2018-06-17 00:56:46 CEST
Upstream has issued an advisory on June 13:
https://webkitgtk.org/security/WSA-2018-0005.html

The issues have been fixed in 2.20.3, released on June 11:
https://webkitgtk.org/2018/06/11/webkitgtk2.20.3-released.html

Mageia 6 is also affected.

It's building in Cauldron now and will be pushed in Mageia 6 when that's done.

Testing procedure in bug 22876 comment 4

Suggested advisory:
========================

Updated webkit2 packages fix security vulnerabilities:

The webkit2 package has been updated to version 2.20.3, fixing several
security issues and other bugs.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4199
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4233
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11646
https://webkitgtk.org/security/WSA-2018-0005.html
https://webkitgtk.org/2018/06/11/webkitgtk2.20.3-released.html
========================

Updated packages in core/updates_testing:
========================
webkit2-2.20.3-1.mga6
webkit2-jsc-2.20.3-1.mga6
lib(64)webkit2gtk4.0_37-2.20.3-1.mga6
lib(64)javascriptcoregtk4.0_18-2.20.3-1.mga6
lib(64)webkit2-devel-2.20.3-1.mga6
lib(64)javascriptcore-gir4.0-2.20.3-1.mga6
lib(64)webkit2gtk-gir4.0-2.20.3-1.mga6

from SRPMS:
webkit2-2.20.3-1.mga6.src.rpm
Comment 1 David Walser 2018-06-17 02:05:39 CEST
Building in Mageia 6 now.  Info in Comment 0.

Assignee: bugsquad => qa-bugs
Keywords: (none) => has_procedure

Comment 2 Herman Viaene 2018-06-30 14:51:10 CEST
MGA6-32 on IBM Thinkpad R50e MATE
No installation issues.
Followed testing procedure in using zenity and the script (see attachment)
Found also an example of a pdf with internal and external hyperlinks (next attachment)
All work OK.

Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene

Comment 3 Herman Viaene 2018-06-30 14:53:17 CEST
Created attachment 10262
zenity test script
Comment 4 Herman Viaene 2018-06-30 14:54:03 CEST
Created attachment 10263
Sample pdf with hyperlinks
Comment 5 Dave Hodgins 2018-07-01 04:28:52 CEST
Advisory committed to svn. Validating the update.

CC: (none) => davidwhodgins

Comment 6 Dave Hodgins 2018-07-01 04:30:00 CEST
Actually adding the keywords.

Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

Comment 7 Mageia Robot 2018-07-01 19:18:32 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0302.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

