webkitgtk-2.46.3-1.fc40

Read Time:39 Second

FEDORA-2024-4d940908db

Packages in this update:

webkitgtk-2.46.3-1.fc40

Update description:

Update to WebKitGTK 2.46.3:

Flatten layers to a plane when preseve-3d style is set.
Fix DuckDuckGo links by adding a user agent quirk.
Fix several crashes and rendering issues.
Fixes: CVE-2024-44244, CVE-2024-44296

Changes from WebKitGTK 2.46.2:

Own well-known bus name on a11y bus.
Improve memory consumption when putImageData is used repeatedly on accelerated canvas.
Disable cached web process suspension for now to prevent leaks.
Improve text kerning with different combinations of antialias and hinting settings.
Destroy all network sessions on process exit.
Fix visible rectangle calculation when there are animations.
Fix the build with ENABLE_NOTIFICATIONS=OFF.
Fix several crashes and rendering issues.

Read More

webkitgtk-2.46.3-1.fc41

Read Time:39 Second

FEDORA-2024-4e0b4ce6ad

Packages in this update:

webkitgtk-2.46.3-1.fc41

Update description:

Update to WebKitGTK 2.46.3:

Flatten layers to a plane when preseve-3d style is set.
Fix DuckDuckGo links by adding a user agent quirk.
Fix several crashes and rendering issues.
Fixes: CVE-2024-44244, CVE-2024-44296

Changes from WebKitGTK 2.46.2:

Own well-known bus name on a11y bus.
Improve memory consumption when putImageData is used repeatedly on accelerated canvas.
Disable cached web process suspension for now to prevent leaks.
Improve text kerning with different combinations of antialias and hinting settings.
Destroy all network sessions on process exit.
Fix visible rectangle calculation when there are animations.
Fix the build with ENABLE_NOTIFICATIONS=OFF.
Fix several crashes and rendering issues.

Read More

webkitgtk-2.46.3-1.fc39

Read Time:39 Second

FEDORA-2024-0f8a88da75

Packages in this update:

webkitgtk-2.46.3-1.fc39

Update description:

Update to WebKitGTK 2.46.3:

Flatten layers to a plane when preseve-3d style is set.
Fix DuckDuckGo links by adding a user agent quirk.
Fix several crashes and rendering issues.
Fixes: CVE-2024-44244, CVE-2024-44296

Changes from WebKitGTK 2.46.2:

Own well-known bus name on a11y bus.
Improve memory consumption when putImageData is used repeatedly on accelerated canvas.
Disable cached web process suspension for now to prevent leaks.
Improve text kerning with different combinations of antialias and hinting settings.
Destroy all network sessions on process exit.
Fix visible rectangle calculation when there are animations.
Fix the build with ENABLE_NOTIFICATIONS=OFF.
Fix several crashes and rendering issues.

Read More

USN-7086-1: Firefox vulnerabilities

Read Time:22 Second

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-10458
CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462,
CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466,
CVE-2024-10467, CVE-2024-10468)

Read More

USN-7087-1: libarchive vulnerability

Read Time:15 Second

It was discovered that libarchive incorrectly handled certain RAR archive
files. If a user or automated system were tricked into processing a
specially crafted RAR archive, an attacker could use this issue to cause
libarchive to crash, resulting in a denial of service, or possibly execute
arbitrary code.

Read More

ZDI-24-1433: Autodesk AutoCAD MODEL File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8594.

Read More

ZDI-24-1434: Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8593.

Read More