WebKitGTK+ 2.8.4 includes fixes for 12 security issues. Additional fixes:

  • Make WebSQL work by using a default quota instead of always failing in openDatabase with DOM Exception 18.
  • Improve detection and usage of GL/GLES/EGL libraries.
  • Fix a crash on memory allocation using bmalloc on 32bit systems.
  • Fix DOCUMENT_VIEWER cache model to actually disable the memory cache.
  • Fix a WebProcess crash after too many redirect error when there's an active NPAPI plugin.
  • Fix a WebProcess crash when gtk-font-name setting is empty.
  • Ensure Math.abs() doesn't return negative.
  • Correctly restore accelerated compositing after a WebProcess crash.
  • Respect X-Frame-Options headers when loading from application cache.
  • Several crashes and rendering issues fixed.
  • Fix the MIPS N64 detection.
  • Fix several memory leaks.
  • Translation updates: Catalan.
  • Workaround a crash affecting 32-bit computers.

How to install

sudo dnf upgrade --advisory=FEDORA-2015-11395

This update has been submitted for testing by catanzaro.

5 years ago

I submitted a second update to add a patch that prevents web processes from allocating unlimited memory. The goal is to prevent visits to bugzilla.redhat.com from hanging your computer. Also I tagged it as a security update due to the large number of security fixes that are always present in each stable update. Our process for reporting security issues is broken since we can't get CVE numbers from Apple anymore, but you can always find them by viewing the full changelist https://trac.webkit.org/log/releases/WebKitGTK/webkit-2.8?action=stop_on_copy&mode=stop_on_copy&rev=186645&stop_rev=&limit=200 and just checking to see which bugs you're not allowed to visit. I count 13 this time, but two point to the same bug.

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/104755/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/104755/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 22 testing updates repository.

5 years ago

This update has been pushed to testing

5 years ago
User Icon diogocampos commented & provided feedback 5 years ago
karma

Been using for a few days. Everything seems to be fine. Thanks, Michael.

And thank you for the karma and bug reports!

User Icon fcon commented & provided feedback 5 years ago
karma

looks good

User Icon norenh commented & provided feedback 5 years ago
karma

No regressions detected

This update has reached the stable karma threshold and will be pushed to the stable updates repository

5 years ago

Taskotron: upgradepath test PASSED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/106380/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/106381/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/106381/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 22 stable updates repository.

5 years ago

This update is currently being pushed to the Fedora 22 stable updates repository.

5 years ago

This update has been pushed to stable

5 years ago

Please login to add feedback.

Metadata
Type
security
Karma
3
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
5 years ago
in testing
5 years ago
in stable
5 years ago
modified
5 years ago
BZ#1225733 [abrt] [faf] webkitgtk4: bmalloc::Heap::allocateXLarge(std::lock_guard<bmalloc::StaticMutex>&, unsigned int, unsigned int)(): /usr/libexec/webkit2gtk-4.0/WebKitWebProcess killed by 11
0
0

Automated Test Results