Opened 3 months ago

Closed 3 months ago

#20815 closed enhancement (fixed)

webkitgtk-2.46.5

Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: high Milestone: 12.3
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version

This update contains security fixes from https://support.apple.com/en-us/121846 - Safari 18.2 was released last week (12/11/2024), and I was able to cross reference the WebKit bug numbers from the Apple advisory to the commits in https://github.com/WebKit/WebKit/commits/webkitglib/2.46/

Release notes: 

What’s new in the WebKitGTK 2.46.5 release?

    Fix the build with GBM and release logs disabled.
    Fix several crashes and rendering issues.

The highest of these is rated at 8.8 High, so we'll go with that for the rating.

Change History (5)

comment:1 by Douglas R. Reno, 3 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 3 months ago

The patch won't be required anymore either

comment:3 by Douglas R. Reno, 3 months ago 

CVE-2024-54479

    Versions affected: WebKitGTK and WPE WebKit before 2.46.5.

    Credit to Seunghyun Lee.
    Impact: Processing maliciously crafted web content may lead to an unexpected process 
crash Description: The issue was addressed with improved checks.
    WebKit Bugzilla: 278497

CVE-2024-54502

    Versions affected: WebKitGTK and WPE WebKit before 2.46.5.
    Credit to Brendon Tiszka of Google Project Zero.
    Impact: Processing maliciously crafted web content may lead to an unexpected process 
crash Description: The issue was addressed with improved checks.
    WebKit Bugzilla: 281912

CVE-2024-54505

    Versions affected: WebKitGTK and WPE WebKit before 2.46.5.
    Credit to Gary Kwong.
    Impact: Processing maliciously crafted web content may lead to memory corruption 
Description: A type confusion issue was addressed with improved memory handling.
    WebKit Bugzilla: 282661

CVE-2024-54508

    Versions affected: WebKitGTK and WPE WebKit before 2.46.5.
    Credit to linjy of HKUS3Lab and chluo of WHUSecLab, Xiangwei Zhang of Tencent 
Security YUNDING LAB.
    Impact: Processing maliciously crafted web content may lead to an unexpected process 
crash Description: The issue was addressed with improved memory handling.
    WebKit Bugzilla: 282180

comment:4 by Douglas R. Reno, 3 months ago

Fixed at 5abbbe68d0d026f56ca447c167ce131a172033dd

SA to come in the morning

comment:5 by Douglas R. Reno, 3 months ago

Resolution: fixed
Status: assignedclosed

SA-12.2-058 issued

Note: See TracTickets for help on using tickets.