Bug 30494 - webkit2 security issues fixed upstream (WSA-2022-0005)
Summary: webkit2 security issues fixed upstream (WSA-2022-0005)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-05-30 09:30 CEST by Nicolas Salguero
Modified: 2022-06-03 19:16 CEST

See Also:
Source RPM: webkit2-2.36.2-1.mga8.src.rpm
CVE:
Status comment:



Description Nicolas Salguero 2022-05-30 09:30:52 CEST
Hi,

Upstream has released version 2.36.3 which fixes several crashes and rendering issues:
https://webkitgtk.org/2022/05/28/webkitgtk2.36.3-released.html

Best regards,

Nico.
Nicolas Salguero 2022-05-30 09:31:30 CEST

Source RPM: (none) => webkit2-2.36.2-1.mga8.src.rpm
CC: (none) => nicolas.salguero
Whiteboard: (none) => MGA8TOO
Assignee: bugsquad => nicolas.salguero

Comment 1 Nicolas Salguero 2022-05-30 16:24:22 CEST
Suggested advisory:
========================

Updated webkit2 packages fix several crashes and rendering issues.

References:
https://webkitgtk.org/2022/05/28/webkitgtk2.36.3-released.html
========================

Updated packages in core/updates_testing:
========================
webkit2-2.36.3-1.mga8
webkit2-jsc-2.36.3-1.mga8
lib(64)webkit2gtk-gir4.0-2.36.3-1.mga8
lib(64)javascriptcore-gir4.0-2.36.3-1.mga8
lib(64)javascriptcoregtk4.0_18-2.36.3-1.mga8
lib(64)webkit2gtk4.0_37-2.36.3-1.mga8
lib(64)webkit2-devel-2.36.3-1.mga8

from SRPM:
webkit2-2.36.3-1.mga8.src.rpm

Whiteboard: MGA8TOO => (none)
Status: NEW => ASSIGNED
Version: Cauldron => 8
Assignee: nicolas.salguero => qa-bugs

Comment 2 Nicolas Salguero 2022-05-31 09:24:46 CEST
Suggested advisory:
========================

Updated webkit2 packages fix security vulnerabilities:

The webkit2 package has been updated to version 2.36.3, fixing several security issues and other bugs.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26700
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26716
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26719
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30293
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30294
https://webkitgtk.org/2022/05/28/webkitgtk2.36.3-released.html
https://webkitgtk.org/security/WSA-2022-0005.html
========================

Updated packages in core/updates_testing:
========================
webkit2-2.36.3-1.mga8
webkit2-jsc-2.36.3-1.mga8
lib(64)webkit2gtk-gir4.0-2.36.3-1.mga8
lib(64)javascriptcore-gir4.0-2.36.3-1.mga8
lib(64)javascriptcoregtk4.0_18-2.36.3-1.mga8
lib(64)webkit2gtk4.0_37-2.36.3-1.mga8
lib(64)webkit2-devel-2.36.3-1.mga8

from SRPM:
webkit2-2.36.3-1.mga8.src.rpm

QA Contact: (none) => security
Component: RPM Packages => Security
Summary: webkit2 issues fixed upstream in 2.36.3 => webkit2 security issues fixed upstream (WSA-2022-0005)

Comment 3 Herman Viaene 2022-06-01 13:48:22 CEST
MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues.
Ref bug 30262 for testing.
zenity --calendar and atril work OK
Good enough for me.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 4 Thomas Andrews 2022-06-01 14:53:37 CEST
Tested opening Gnome Web (Epiphany) and Evolution in a Gnome vbox guest, simply because we have had problems with them in the recent past. Both are OK.

As with all webkit2 3.6.x updates, Bug 30332 remains in effect. While updating webkit2 exposed that issue, and downgrading it removes the problem, it may well be that drakconf is the actual cause.

Confirming the OK, and validating. Advisory in Comment 2.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2022-06-02 22:54:05 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 5 Mageia Robot 2022-06-03 19:16:29 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0218.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

