OESA-2024-2084

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2084
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-2084.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2024-2084
Upstream
Published
2024-08-30T11:09:01Z
Modified
2025-09-03T06:20:25.211016Z
Summary
webkit2gtk3 security update
Details

WebKitGTK is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers. This package contains WebKit2 based WebKitGTK+ for GTK+ 3.

Security Fix(es):

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.(CVE-2024-40779)

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.(CVE-2024-40780)

Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)(CVE-2024-4558)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP4 / webkit2gtk3

Package

Name
webkit2gtk3
Purl
pkg:rpm/openEuler/webkit2gtk3&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.22.2-13.oe2003sp4

Ecosystem specific

{
    "noarch": [
        "webkit2gtk3-help-2.22.2-13.oe2003sp4.noarch.rpm"
    ],
    "src": [
        "webkit2gtk3-2.22.2-13.oe2003sp4.src.rpm"
    ],
    "x86_64": [
        "webkit2gtk3-2.22.2-13.oe2003sp4.x86_64.rpm",
        "webkit2gtk3-jsc-2.22.2-13.oe2003sp4.x86_64.rpm",
        "webkit2gtk3-jsc-devel-2.22.2-13.oe2003sp4.x86_64.rpm",
        "webkit2gtk3-debugsource-2.22.2-13.oe2003sp4.x86_64.rpm",
        "webkit2gtk3-devel-2.22.2-13.oe2003sp4.x86_64.rpm",
        "webkit2gtk3-debuginfo-2.22.2-13.oe2003sp4.x86_64.rpm"
    ],
    "aarch64": [
        "webkit2gtk3-debugsource-2.22.2-13.oe2003sp4.aarch64.rpm",
        "webkit2gtk3-2.22.2-13.oe2003sp4.aarch64.rpm",
        "webkit2gtk3-devel-2.22.2-13.oe2003sp4.aarch64.rpm",
        "webkit2gtk3-debuginfo-2.22.2-13.oe2003sp4.aarch64.rpm",
        "webkit2gtk3-jsc-devel-2.22.2-13.oe2003sp4.aarch64.rpm",
        "webkit2gtk3-jsc-2.22.2-13.oe2003sp4.aarch64.rpm"
    ]
}

openEuler:22.03-LTS-SP1 / webkit2gtk3

Package

Name
webkit2gtk3
Purl
pkg:rpm/openEuler/webkit2gtk3&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.36.3-7.oe2203sp1

Ecosystem specific

{
    "noarch": [
        "webkit2gtk3-help-2.36.3-7.oe2203sp1.noarch.rpm"
    ],
    "src": [
        "webkit2gtk3-2.36.3-7.oe2203sp1.src.rpm"
    ],
    "x86_64": [
        "webkit2gtk3-2.36.3-7.oe2203sp1.x86_64.rpm",
        "webkit2gtk3-debuginfo-2.36.3-7.oe2203sp1.x86_64.rpm",
        "webkit2gtk3-devel-2.36.3-7.oe2203sp1.x86_64.rpm",
        "webkit2gtk3-debugsource-2.36.3-7.oe2203sp1.x86_64.rpm",
        "webkit2gtk3-jsc-devel-2.36.3-7.oe2203sp1.x86_64.rpm",
        "webkit2gtk3-jsc-2.36.3-7.oe2203sp1.x86_64.rpm"
    ],
    "aarch64": [
        "webkit2gtk3-debugsource-2.36.3-7.oe2203sp1.aarch64.rpm",
        "webkit2gtk3-2.36.3-7.oe2203sp1.aarch64.rpm",
        "webkit2gtk3-jsc-devel-2.36.3-7.oe2203sp1.aarch64.rpm",
        "webkit2gtk3-devel-2.36.3-7.oe2203sp1.aarch64.rpm",
        "webkit2gtk3-debuginfo-2.36.3-7.oe2203sp1.aarch64.rpm",
        "webkit2gtk3-jsc-2.36.3-7.oe2203sp1.aarch64.rpm"
    ]
}

openEuler:22.03-LTS-SP3 / webkit2gtk3

Package

Name
webkit2gtk3
Purl
pkg:rpm/openEuler/webkit2gtk3&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.36.3-7.oe2203sp3

Ecosystem specific

{
    "noarch": [
        "webkit2gtk3-help-2.36.3-7.oe2203sp3.noarch.rpm"
    ],
    "src": [
        "webkit2gtk3-2.36.3-7.oe2203sp3.src.rpm"
    ],
    "x86_64": [
        "webkit2gtk3-jsc-devel-2.36.3-7.oe2203sp3.x86_64.rpm",
        "webkit2gtk3-2.36.3-7.oe2203sp3.x86_64.rpm",
        "webkit2gtk3-devel-2.36.3-7.oe2203sp3.x86_64.rpm",
        "webkit2gtk3-debuginfo-2.36.3-7.oe2203sp3.x86_64.rpm",
        "webkit2gtk3-jsc-2.36.3-7.oe2203sp3.x86_64.rpm",
        "webkit2gtk3-debugsource-2.36.3-7.oe2203sp3.x86_64.rpm"
    ],
    "aarch64": [
        "webkit2gtk3-debugsource-2.36.3-7.oe2203sp3.aarch64.rpm",
        "webkit2gtk3-2.36.3-7.oe2203sp3.aarch64.rpm",
        "webkit2gtk3-debuginfo-2.36.3-7.oe2203sp3.aarch64.rpm",
        "webkit2gtk3-jsc-2.36.3-7.oe2203sp3.aarch64.rpm",
        "webkit2gtk3-jsc-devel-2.36.3-7.oe2203sp3.aarch64.rpm",
        "webkit2gtk3-devel-2.36.3-7.oe2203sp3.aarch64.rpm"
    ]
}

openEuler:22.03-LTS-SP4 / webkit2gtk3

Package

Name
webkit2gtk3
Purl
pkg:rpm/openEuler/webkit2gtk3&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.36.3-7.oe2203sp4

Ecosystem specific

{
    "noarch": [
        "webkit2gtk3-help-2.36.3-7.oe2203sp4.noarch.rpm"
    ],
    "src": [
        "webkit2gtk3-2.36.3-7.oe2203sp4.src.rpm"
    ],
    "x86_64": [
        "webkit2gtk3-2.36.3-7.oe2203sp4.x86_64.rpm",
        "webkit2gtk3-jsc-2.36.3-7.oe2203sp4.x86_64.rpm",
        "webkit2gtk3-devel-2.36.3-7.oe2203sp4.x86_64.rpm",
        "webkit2gtk3-debugsource-2.36.3-7.oe2203sp4.x86_64.rpm",
        "webkit2gtk3-debuginfo-2.36.3-7.oe2203sp4.x86_64.rpm",
        "webkit2gtk3-jsc-devel-2.36.3-7.oe2203sp4.x86_64.rpm"
    ],
    "aarch64": [
        "webkit2gtk3-debuginfo-2.36.3-7.oe2203sp4.aarch64.rpm",
        "webkit2gtk3-2.36.3-7.oe2203sp4.aarch64.rpm",
        "webkit2gtk3-debugsource-2.36.3-7.oe2203sp4.aarch64.rpm",
        "webkit2gtk3-devel-2.36.3-7.oe2203sp4.aarch64.rpm",
        "webkit2gtk3-jsc-devel-2.36.3-7.oe2203sp4.aarch64.rpm",
        "webkit2gtk3-jsc-2.36.3-7.oe2203sp4.aarch64.rpm"
    ]
}

openEuler:24.03-LTS / webkit2gtk3

Package

Name
webkit2gtk3
Purl
pkg:rpm/openEuler/webkit2gtk3&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.38.2-9.oe2403

Ecosystem specific

{
    "noarch": [
        "webkit2gtk3-help-2.38.2-9.oe2403.noarch.rpm",
        "webkit2gtk5.0-help-2.38.2-9.oe2403.noarch.rpm",
        "webkit2gtk4.1-help-2.38.2-9.oe2403.noarch.rpm"
    ],
    "src": [
        "webkit2gtk5.0-2.38.2-9.oe2403.src.rpm",
        "webkit2gtk4.1-2.38.2-9.oe2403.src.rpm",
        "webkit2gtk3-2.38.2-9.oe2403.src.rpm"
    ],
    "x86_64": [
        "webkit2gtk3-devel-2.38.2-9.oe2403.x86_64.rpm",
        "jsc4.1-devel-2.38.2-9.oe2403.x86_64.rpm",
        "webkit2gtk4.1-devel-2.38.2-9.oe2403.x86_64.rpm",
        "webkit2gtk3-jsc-2.38.2-9.oe2403.x86_64.rpm",
        "jsc4.1-2.38.2-9.oe2403.x86_64.rpm",
        "webkit2gtk3-debuginfo-2.38.2-9.oe2403.x86_64.rpm",
        "webkit2gtk3-debugsource-2.38.2-9.oe2403.x86_64.rpm",
        "jsc5.0-2.38.2-9.oe2403.x86_64.rpm",
        "webkit2gtk3-2.38.2-9.oe2403.x86_64.rpm",
        "jsc5.0-devel-2.38.2-9.oe2403.x86_64.rpm",
        "webkit2gtk4.1-debuginfo-2.38.2-9.oe2403.x86_64.rpm",
        "webkit2gtk4.1-2.38.2-9.oe2403.x86_64.rpm",
        "webkit2gtk3-jsc-devel-2.38.2-9.oe2403.x86_64.rpm",
        "webkit2gtk5.0-2.38.2-9.oe2403.x86_64.rpm",
        "webkit2gtk5.0-devel-2.38.2-9.oe2403.x86_64.rpm",
        "webkit2gtk4.1-debugsource-2.38.2-9.oe2403.x86_64.rpm",
        "webkit2gtk5.0-debugsource-2.38.2-9.oe2403.x86_64.rpm",
        "webkit2gtk5.0-debuginfo-2.38.2-9.oe2403.x86_64.rpm"
    ],
    "aarch64": [
        "webkit2gtk3-jsc-2.38.2-9.oe2403.aarch64.rpm",
        "webkit2gtk5.0-debugsource-2.38.2-9.oe2403.aarch64.rpm",
        "webkit2gtk4.1-2.38.2-9.oe2403.aarch64.rpm",
        "webkit2gtk3-2.38.2-9.oe2403.aarch64.rpm",
        "webkit2gtk3-devel-2.38.2-9.oe2403.aarch64.rpm",
        "jsc5.0-devel-2.38.2-9.oe2403.aarch64.rpm",
        "webkit2gtk4.1-debugsource-2.38.2-9.oe2403.aarch64.rpm",
        "webkit2gtk4.1-devel-2.38.2-9.oe2403.aarch64.rpm",
        "webkit2gtk3-debugsource-2.38.2-9.oe2403.aarch64.rpm",
        "jsc4.1-devel-2.38.2-9.oe2403.aarch64.rpm",
        "webkit2gtk3-debuginfo-2.38.2-9.oe2403.aarch64.rpm",
        "jsc5.0-2.38.2-9.oe2403.aarch64.rpm",
        "webkit2gtk5.0-debuginfo-2.38.2-9.oe2403.aarch64.rpm",
        "jsc4.1-2.38.2-9.oe2403.aarch64.rpm",
        "webkit2gtk5.0-devel-2.38.2-9.oe2403.aarch64.rpm",
        "webkit2gtk5.0-2.38.2-9.oe2403.aarch64.rpm",
        "webkit2gtk3-jsc-devel-2.38.2-9.oe2403.aarch64.rpm",
        "webkit2gtk4.1-debuginfo-2.38.2-9.oe2403.aarch64.rpm"
    ]
}