Issued:: 2025-01-13
Updated:: 2025-01-13

RHSA-2025:0276 - Security Advisory

Overview
Updated Packages

Synopsis

Important: webkit2gtk3 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

WebKitGTK: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-54479)
webkit: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-54502)
webkit: Processing maliciously crafted web content may lead to memory corruption (CVE-2024-54505)
webkit: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-54508)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2333841 - CVE-2024-54479 WebKitGTK: Processing maliciously crafted web content may lead to an unexpected process crash
BZ - 2333843 - CVE-2024-54502 webkit: Processing maliciously crafted web content may lead to an unexpected process crash
BZ - 2333844 - CVE-2024-54505 webkit: Processing maliciously crafted web content may lead to memory corruption
BZ - 2333845 - CVE-2024-54508 webkit: Processing maliciously crafted web content may lead to an unexpected process crash

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
webkit2gtk3-2.46.5-1.el8_2.src.rpm	SHA-256: e79efc82dfc934ea2ef87b804bfc7929e0993da6b1bcbce0db83b3243d42936a
x86_64
webkit2gtk3-2.46.5-1.el8_2.i686.rpm	SHA-256: 3fe3009df6dcbdb901be2f29ad02b9e3efdbb62f5e9efe734a98d6457ff15ca4
webkit2gtk3-2.46.5-1.el8_2.x86_64.rpm	SHA-256: 00a150af18054d13f32fe44462ac26f278b9db0760c9b72fb2d78f500f08623a
webkit2gtk3-debuginfo-2.46.5-1.el8_2.i686.rpm	SHA-256: 921bb65b2f69c7a5a72ec32ea81ece77ce187f3fdbc33dba33601a9dce7cc6a5
webkit2gtk3-debuginfo-2.46.5-1.el8_2.x86_64.rpm	SHA-256: 64dabea3341fea0de8eda7a575a495c0186e73675885f7aff07119c2dd79081b
webkit2gtk3-debugsource-2.46.5-1.el8_2.i686.rpm	SHA-256: 6c393b614df9d603e34dfbf8c37b741c980e3c902c4e89d687db8fb23bc3e1ef
webkit2gtk3-debugsource-2.46.5-1.el8_2.x86_64.rpm	SHA-256: e5234713f04ce8bc35e588b913bc462c9005c4f33094709886bd1708cb73831c
webkit2gtk3-devel-2.46.5-1.el8_2.i686.rpm	SHA-256: da7883c6f10111c798212d08989f3d595286ff691a489dfd674ea8ebff50dd96
webkit2gtk3-devel-2.46.5-1.el8_2.x86_64.rpm	SHA-256: dcf37b55c51f5cdcc988c5d4a0d7d085fe42c42fcbce4670e126925bd7a95d72
webkit2gtk3-devel-debuginfo-2.46.5-1.el8_2.i686.rpm	SHA-256: ed3b201fbc23574301bc2a45ef2d146069e6d32f837c6af28aa411b602efd643
webkit2gtk3-devel-debuginfo-2.46.5-1.el8_2.x86_64.rpm	SHA-256: 36833f20706edf38e3ada9d7d65eeec661dd560f96ed9c7bfc54da4c2df246c3
webkit2gtk3-jsc-2.46.5-1.el8_2.i686.rpm	SHA-256: 04c63547e6bec44c146306ec1b3712f58723e464927740c0a71c73b13edd78eb
webkit2gtk3-jsc-2.46.5-1.el8_2.x86_64.rpm	SHA-256: 9e34378590e6e7a52b192bffdfbbb17f22fb6d5770e1b0288bf23e7b4fee8edd
webkit2gtk3-jsc-debuginfo-2.46.5-1.el8_2.i686.rpm	SHA-256: cf62c5c306f992010f3060128e56880cf14a662c58a6053999cc1f1a21211cb3
webkit2gtk3-jsc-debuginfo-2.46.5-1.el8_2.x86_64.rpm	SHA-256: c49236d2963882ab43cdc0424aa0223e434de3d6999825e4bcbdaf6b4d1bef08
webkit2gtk3-jsc-devel-2.46.5-1.el8_2.i686.rpm	SHA-256: 956578eb52922a5a7ad19438b742a732a311c213183abe4fd3b638ce876bba9b
webkit2gtk3-jsc-devel-2.46.5-1.el8_2.x86_64.rpm	SHA-256: 8870cbd0b7ee37eee63527bb95ca229e8a0b13155396ccc5e21c83a75c2d3d2d
webkit2gtk3-jsc-devel-debuginfo-2.46.5-1.el8_2.i686.rpm	SHA-256: 9b10d527cb93251c14434eb5ece1cd677b505362d913ad6e73cd9634f6ba1157
webkit2gtk3-jsc-devel-debuginfo-2.46.5-1.el8_2.x86_64.rpm	SHA-256: c1d91126227c5c8159f3c9b47e9f081975b65929b606c79df486f80298c24428

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation