Bug 30064 - webkit2 security issues fixed upstream (WSA-2022-0003)
Summary: webkit2 security issues fixed upstream (WSA-2022-0003)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks: 30041
Reported: 2022-02-17 21:49 CET by Thomas Backlund
Modified: 2022-02-18 11:16 CET

See Also:
Source RPM: webkit2
CVE:
Status comment:


Description Thomas Backlund 2022-02-17 21:49:46 CET
Upstream has issued an advisory today (February 17):
https://webkitgtk.org/security/WSA-2022-0003.html


Updates submitted to the build system.

Package list will be:
i586:
libjavascriptcore-gir4.0-2.34.6-1.mga8.i586.rpm
libjavascriptcoregtk4.0_18-2.34.6-1.mga8.i586.rpm
libwebkit2-devel-2.34.6-1.mga8.i586.rpm
libwebkit2gtk4.0_37-2.34.6-1.mga8.i586.rpm
libwebkit2gtk-gir4.0-2.34.6-1.mga8.i586.rpm
webkit2-2.34.6-1.mga8.i586.rpm
webkit2-jsc-2.34.6-1.mga8.i586.rpm


x86_64:
lib64javascriptcore-gir4.0-2.34.6-1.mga8.x86_64.rpm
lib64javascriptcoregtk4.0_18-2.34.6-1.mga8.x86_64.rpm
lib64webkit2-devel-2.34.6-1.mga8.x86_64.rpm
lib64webkit2gtk4.0_37-2.34.6-1.mga8.x86_64.rpm
lib64webkit2gtk-gir4.0-2.34.6-1.mga8.x86_64.rpm
webkit2-2.34.6-1.mga8.x86_64.rpm
webkit2-jsc-2.34.6-1.mga8.x86_64.rpm

from SRPM:
webkit2-2.34.6-1.mga8.src.rpm
Comment 1 Thomas Backlund 2022-02-17 21:50:40 CET
This update should also fix bug 30041

Blocks: (none) => 30041

Comment 2 David Walser 2022-02-17 22:27:14 CET
CVE-2022-22620 is being fixed.  Reference for 2.34.6 release:
https://webkitgtk.org/2022/02/17/webkitgtk2.34.6-released.html
Comment 3 Dave Hodgins 2022-02-18 04:24:19 CET
Tested with epiphany and evolution on an x86_64 system using startx (where they
worked before the update) and on an rpi 4b system using gdm where they didn't.

Validating the update. Advisory committed to svn.

CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => advisory, validated_update

Comment 4 Thomas Backlund 2022-02-18 07:22:36 CET
Unvalidating for now, I'd like confirmation from bug 30041 affected users that it actually fixes that issue too...

Keywords: validated_update => (none)

Comment 5 sturmvogel 2022-02-18 07:43:46 CET
Also posted in bug 30041
Updated the three webkit packages from updates_testing.

Plasma x86_64

Epiphany opens correctly (opened some sites and surfed a little bit, all ok)
Evolution opens correctly (did some settings and test setups, all ok)


MGA8 64bit OK
Comment 6 sturmvogel 2022-02-18 07:45:07 CET
To be more precise, installed
lib64webkit2gtk4.0_37-2.34.6-1.mga8.x86_64.rpm
lib64webkit2gtk-gir4.0-2.34.6-1.mga8.x86_64.rpm
webkit2-2.34.6-1.mga8.x86_64.rpm
Comment 7 Thomas Backlund 2022-02-18 10:34:36 CET
Several confirmations on bug 30041 that this update fixes the issue.

Re-validating and flushing out

Keywords: (none) => validated_update

Comment 8 Mageia Robot 2022-02-18 11:16:20 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0075.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

