Upstream has issued an advisory on May 21: https://webkitgtk.org/security/WSA-2024-0003.html The issue is fixed upstream in 2.44.2: https://webkitgtk.org/2024/05/16/webkitgtk2.44.2-released.html
Status comment: (none) => Fixed upstream in 2.44.2Source RPM: (none) => webkit2-2.44.1-1.mga10.src.rpmCVE: (none) => CVE-2024-27834Whiteboard: (none) => MGA9TOO
Blocks: (none) => 33208
Although I am assigning this globally, ns80 is the main updater of webkit2, so is already (as bug originator) effectively CC'd.
Assignee: bugsquad => pkg-bugs
Ubuntu has issued an advisory on May 28: https://ubuntu.com/security/notices/USN-6788-1
Suggested advisory: ======================== The updated packages fix a security vulnerability and other issues. References: https://webkitgtk.org/security/WSA-2024-0003.html https://webkitgtk.org/2024/05/16/webkitgtk2.44.2-released.html https://ubuntu.com/security/notices/USN-6788-1 ======================== Updated packages in core/updates_testing: ======================== lib(64)javascriptcore-gir4.0-2.44.2-1.mga9 lib(64)javascriptcore-gir4.1-2.44.2-1.mga9 lib(64)javascriptcore-gir6.0-2.44.2-1.mga9 lib(64)javascriptcoregtk4.0_18-2.44.2-1.mga9 lib(64)javascriptcoregtk4.1_0-2.44.2-1.mga9 lib(64)javascriptcoregtk6.0_1-2.44.2-1.mga9 lib(64)webkit2gtk-gir4.0-2.44.2-1.mga9 lib(64)webkit2gtk-gir4.1-2.44.2-1.mga9 lib(64)webkit2gtk4.0-devel-2.44.2-1.mga9 lib(64)webkit2gtk4.0_37-2.44.2-1.mga9 lib(64)webkit2gtk4.1-devel-2.44.2-1.mga9 lib(64)webkit2gtk4.1_0-2.44.2-1.mga9 lib(64)webkitgtk-gir6.0-2.44.2-1.mga9 lib(64)webkitgtk6.0-devel-2.44.2-1.mga9 lib(64)webkitgtk6.0_4-2.44.2-1.mga9 webkit2-driver-2.44.2-1.mga9 webkit2gtk4.0-2.44.2-1.mga9 webkit2gtk4.0-jsc-2.44.2-1.mga9 webkit2gtk4.1-2.44.2-1.mga9 webkit2gtk4.1-jsc-2.44.2-1.mga9 webkitgtk6.0-2.44.2-1.mga9 webkitgtk6.0-jsc-2.44.2-1.mga9 from SRPM: webkit2-2.44.2-1.mga9.src.rpm
Source RPM: webkit2-2.44.1-1.mga10.src.rpm => webkit2-2.44.1-1.mga9.src.rpmAssignee: pkg-bugs => qa-bugsVersion: Cauldron => 9Status comment: Fixed upstream in 2.44.2 => (none)Status: NEW => ASSIGNEDWhiteboard: MGA9TOO => (none)
Thomas would be good to test in the system you have bug#33208
CC: (none) => andrewsfarm
RH mageia 9 x86_64 LC_ALL=C urpmi --auto --auto-update medium "QA Testing (64-bit)" is up-to-date medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Release (distrib36)" is up-to-date medium "Tainted 32bit Release (distrib41)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date medium "BDK-Free-x86_64" is up-to-date medium "BDK-Free-noarch" is up-to-date medium "BDK-NonFree-x86_64" is up-to-date installing lib64webkit2gtk4.1_0-2.44.2-1.mga9.x86_64.rpm lib64javascriptcoregtk4.1_0-2.44.2-1.mga9.x86_64.rpm lib64javascriptcore-gir4.1-2.44.2-1.mga9.x86_64.rpm webkit2gtk4.1-2.44.2-1.mga9.x86_64.rpm webkit2-driver-2.44.2-1.mga9.x86_64.rpm lib64webkit2gtk-gir4.1-2.44.2-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/6: lib64javascriptcoregtk4.1_0 ################################################################################################## 2/6: lib64javascriptcore-gir4.1 ################################################################################################## 3/6: webkit2-driver ################################################################################################## 4/6: webkit2gtk4.1 ################################################################################################## 5/6: lib64webkit2gtk4.1_0 ################################################################################################## 6/6: lib64webkit2gtk-gir4.1 ################################################################################################## 1/6: removing lib64webkit2gtk-gir4.1-2.44.1-1.mga9.x86_64 ################################################################################################## 2/6: removing lib64javascriptcore-gir4.1-2.44.1-1.mga9.x86_64 ################################################################################################## 3/6: removing lib64webkit2gtk4.1_0-2.44.1-1.mga9.x86_64 ################################################################################################## 4/6: removing webkit2gtk4.1-2.44.1-1.mga9.x86_64 ################################################################################################## 5/6: removing lib64javascriptcoregtk4.1_0-2.44.1-1.mga9.x86_64 ################################################################################################## 6/6: removing webkit2-driver-2.44.1-1.mga9.x86_64 ################################################################################################## drakconf works OK strace gnome-boxes show the library is opened openat(AT_FDCWD, "/lib64/libwebkit2gtk-4.1.so.0", O_RDONLY|O_CLOEXEC) = 3 gnoome-boxes works Later when I test in i586 I test again run mcc in ssh conection
Keywords: (none) => advisory
Sorry folks, where do I get webkit 2.44.2 from? I've enabled core-updates-testing but latest appearing in mcc is my current 2.44.1 I have seen the list of packages in madb but not sure where to go from there.
CC: (none) => tablackwell
Whoops - forgot update media. Got it
From xfce on x86_64, Having installed 2.44.2, then ssh localhost, login, su root, then run mcc, fails with # mcc Too late to run INIT block at /usr/lib64/perl5/vendor_perl/Glib/Object/Introspection.pm line 257. Ignore the following Glib::Object::Introspection & Gtk3 warnings Subroutine Gtk3::main redefined at /usr/share/perl5/vendor_perl/Gtk3.pm line 539. GLib-GObject-CRITICAL **: g_boxed_type_register_static: assertion 'g_type_from_name (name) == 0' failed at /usr/lib64/perl5/DynaLoader.pm line 223. GLib-GObject-CRITICAL **: g_boxed_type_register_static: assertion 'g_type_from_name (name) == 0' failed at /usr/lib64/perl5/DynaLoader.pm line 223. GLib-GObject-CRITICAL **: g_boxed_type_register_static: assertion 'g_type_from_name (name) == 0' failed at /usr/lib64/perl5/DynaLoader.pm line 223. GLib-GObject-CRITICAL **: g_boxed_type_register_static: assertion 'g_type_from_name (name) == 0' failed at /usr/lib64/perl5/DynaLoader.pm line 223. Overriding existing handler for signal 10. Set JSC_SIGNAL_FOR_GC if you want WebKit to use a different signal I'm getting same error with drakconf. What have I left un-done?
(In reply to Tony Blackwell from comment #8) > From xfce on x86_64, Having installed 2.44.2, then ssh localhost, login, su > root, then run mcc, fails with > # mcc > Too late to run INIT block at > /usr/lib64/perl5/vendor_perl/Glib/Object/Introspection.pm line 257. > Ignore the following Glib::Object::Introspection & Gtk3 warnings > Subroutine Gtk3::main redefined at /usr/share/perl5/vendor_perl/Gtk3.pm line > 539. > GLib-GObject-CRITICAL **: g_boxed_type_register_static: assertion > 'g_type_from_name (name) == 0' failed at /usr/lib64/perl5/DynaLoader.pm line > 223. > GLib-GObject-CRITICAL **: g_boxed_type_register_static: assertion > 'g_type_from_name (name) == 0' failed at /usr/lib64/perl5/DynaLoader.pm line > 223. > GLib-GObject-CRITICAL **: g_boxed_type_register_static: assertion > 'g_type_from_name (name) == 0' failed at /usr/lib64/perl5/DynaLoader.pm line > 223. > GLib-GObject-CRITICAL **: g_boxed_type_register_static: assertion > 'g_type_from_name (name) == 0' failed at /usr/lib64/perl5/DynaLoader.pm line > 223. > Overriding existing handler for signal 10. Set JSC_SIGNAL_FOR_GC if you want > WebKit to use a different signal > > I'm getting same error with drakconf. > > What have I left un-done? Nothing but not works for all, see Bug#32185 comment#41, If works in the system that you update webkit2 then is fine Thank you for the test
mga9-64 Plasma X11 Tested on both my workstation "svarten" with nvidia470, and laptop thinkpad T510 using nouveau. No problems noted in drakconf, various desktop appsm suspend/resume Packages i had installed updated: - webkit2-driver-2.44.2-1.mga9.x86_64 - webkit2gtk4.0-2.44.2-1.mga9.x86_64 - webkit2gtk4.1-2.44.2-1.mga9.x86_64 - webkitgtk6.0-2.44.2-1.mga9.x86_64 - lib64javascriptcore-gir4.0-2.44.2-1.mga9.x86_64 - lib64javascriptcore-gir4.1-2.44.2-1.mga9.x86_64 - lib64javascriptcoregtk4.0_18-2.44.2-1.mga9.x86_64 - lib64javascriptcoregtk4.1_0-2.44.2-1.mga9.x86_64 - lib64javascriptcoregtk6.0_1-2.44.2-1.mga9.x86_64 - lib64webkit2gtk-gir4.0-2.44.2-1.mga9.x86_64 - lib64webkit2gtk-gir4.1-2.44.2-1.mga9.x86_64 - lib64webkit2gtk4.0_37-2.44.2-1.mga9.x86_64 - lib64webkit2gtk4.1_0-2.44.2-1.mga9.x86_64 - lib64webkitgtk6.0_4-2.44.2-1.mga9.x86_64
CC: (none) => fri
RH mageia 9 i586 LC_ALL=C urpmi --auto --auto-update medium "QA Testing (32-bit)" is up-to-date medium "BDK-Free-i586" is up-to-date medium "BDK-Free-noarch" is up-to-date medium "BDK-NonFree-i586" is up-to-date medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date installing libwebkit2gtk4.1_0-2.44.2-1.mga9.i586.rpm webkit2gtk4.0-2.44.2-1.mga9.i586.rpm libwebkit2gtk-gir4.1-2.44.2-1.mga9.i586.rpm libwebkit2gtk-gir4.0-2.44.2-1.mga9.i586.rpm webkit2-driver-2.44.2-1.mga9.i586.rpm libjavascriptcoregtk4.0_18-2.44.2-1.mga9.i586.rpm libjavascriptcore-gir4.1-2.44.2-1.mga9.i586.rpm libwebkit2gtk4.0_37-2.44.2-1.mga9.i586.rpm libjavascriptcore-gir4.0-2.44.2-1.mga9.i586.rpm libjavascriptcoregtk4.1_0-2.44.2-1.mga9.i586.rpm webkit2gtk4.1-2.44.2-1.mga9.i586.rpm from //home/katnatek/qa-testing/i586 Preparing... ################################################################ 1/11: libjavascriptcoregtk4.1_0 ################################################################ 2/11: libjavascriptcoregtk4.0_18 ################################################################ 3/11: webkit2-driver ################################################################ 4/11: libjavascriptcore-gir4.0 ################################################################ 5/11: libjavascriptcore-gir4.1 ################################################################ 6/11: libwebkit2gtk4.0_37 ################################################################ 7/11: webkit2gtk4.0 ################################################################ 8/11: webkit2gtk4.1 ################################################################ 9/11: libwebkit2gtk4.1_0 ################################################################ 10/11: libwebkit2gtk-gir4.1 ################################################################ 11/11: libwebkit2gtk-gir4.0 ################################################################ 1/11: removing libwebkit2gtk-gir4.0-2.44.1-1.mga9.i586 ################################################################ 2/11: removing libwebkit2gtk-gir4.1-2.44.1-1.mga9.i586 ################################################################ 3/11: removing libwebkit2gtk4.1_0-2.44.1-1.mga9.i586 ################################################################ 4/11: removing webkit2gtk4.1-2.44.1-1.mga9.i586 ################################################################ 5/11: removing libjavascriptcore-gir4.1-2.44.1-1.mga9.i586 ################################################################ 6/11: removing libwebkit2gtk4.0_37-2.44.1-1.mga9.i586 ################################################################ 7/11: removing webkit2gtk4.0-2.44.1-1.mga9.i586 ################################################################ 8/11: removing libjavascriptcore-gir4.0-2.44.1-1.mga9.i586 ################################################################ 9/11: removing libjavascriptcoregtk4.0_18-2.44.1-1.mga9.i586 ################################################################ 10/11: removing libjavascriptcoregtk4.1_0-2.44.1-1.mga9.i586 ################################################################ 11/11: removing webkit2-driver-2.44.1-1.mga9.i586 ################################################################ drakconf works OK From ssh still see the errors in Bug#32185 comment#41, so the problem that have Tony in comment#8 is not new
(In reply to katnatek from comment #4) > Thomas would be good to test in the system you have bug#33208 MGA9-32 Xfce on an HP Probook 6550b. No change that I can see. MCC still displays maybe a second, then crashes. The last line of dmesg is: 82.191395] traps: VBlankMonitor[2319] trap divide error ip:afd1f000 sp:9e1fe290 error:0 in libwebkit2gtk-4.1.so.0.13.6[af87b000+3135000] indicating, I guess, that there's still a webkit2-related error. Whether it's a webkit2 error or a drakconf error, I couldn't say. Other than that, I don't see any issues.
updated: lib64webkit2gtk-gir4.1 lib64webkit2gtk4.1_0 lib64webkitgtk6.0_4 lib64javascriptcore-gir4.1 lib64javascriptcoregtk4.1_0 lib64javascriptcoregtk6.0_1 webkit2-driver webkit2gtk4.1 webkitgtk6.0 installing webkit2-driver-2.44.2-1.mga9.x86_64.rpm webkit2gtk4.1-2.44.2-1.mga9.x86_64.rpm webkitgtk6.0-2.44.2-1.mga9.x86_64.rpm lib64javascriptcoregtk4.1_0-2.44.2-1.mga9.x86_64.rpm lib64javascriptcoregtk6.0_1-2.44.2-1.mga9.x86_64.rpm lib64webkit2gtk4.1_0-2.44.2-1.mga9.x86_64.rpm lib64javascriptcore-gir4.1-2.44.2-1.mga9.x86_64.rpm lib64webkit2gtk-gir4.1-2.44.2-1.mga9.x86_64.rpm lib64webkitgtk6.0_4-2.44.2-1.mga9.x86_64.rpm from /var/cache/urpmi/rpms Preparing... ############################################################################# no issue with update checked MCC ok inxi -G Graphics: Device-1: AMD Mullins [Radeon R2 Graphics] driver: amdgpu v: kernel Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X: loaded: amdgpu,v4l dri: radeonsi gpu: amdgpu resolution: 1366x768~60Hz API: OpenGL v: 4.6 Mesa 24.0.5 renderer: AMD Radeon R2 Graphics (radeonsi kabini LLVM 15.0.6 DRM 3.54 6.6.28-desktop-1.mga9)
CC: (none) => westel
re comment 13 above, and my different experience in comment 8, I note my graphics setup is different. (nvidia using proprietary driver) $ inxi -G Graphics: Device-1: NVIDIA GP102 [GeForce GTX 1080 Ti] driver: nvidia v: 550.76 Device-2: Logitech QuickCam Pro 9000 type: USB driver: snd-usb-audio,uvcvideo Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X: loaded: nvidia,v4l gpu: nvidia,nvidia-nvswitch resolution: 1: 2560x1440~60Hz 2: 2560x1440~60Hz API: OpenGL v: 4.6.0 NVIDIA 550.76 renderer: NVIDIA GeForce GTX 1080 Ti/PCIe/SSE2
Wait a few more, a new version is available but for the moment not new security post is published If the Monday in the afternoon in my time zone the situation is still the same, I'll give the OKs
Version 2.45.3 is only a development release, not a stable one. For the moment, version 2.44.2 is the latest stable release.
(In reply to Nicolas Salguero from comment #16) > Version 2.45.3 is only a development release, not a stable one. For the > moment, version 2.44.2 is the latest stable release. You right, I not check well the version number thanks
Whiteboard: (none) => MGA9-64-OK,MGA9-32-OK
I say it is good to go then.
CC: (none) => sysadmin-bugsKeywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0208.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED