Fedora 25 : webkitgtk4 (2017-b015aa1d33)

high Nessus Plugin ID 96676

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

This update addresses the following vulnerabilities :

- [CVE-2016-7656](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7656), [CVE-2016-7635](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7635), [CVE-2016-7654](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7654), [CVE-2016-7639](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7639), [CVE-2016-7645](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7645), [CVE-2016-7652](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7652), [CVE-2016-7641](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7641), [CVE-2016-7632](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7632), [CVE-2016-7599](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7599), [CVE-2016-7592](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7592), [CVE-2016-7589](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7589), [CVE-2016-7623](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7623), [CVE-2016-7586](https://cve.mitre.org/cgi-bin/cvename.cg i?name=CVE-2016-7586)

Additional fixes :

- Create GLX OpenGL contexts using version 3.2 (core profile) when available to reduce the memory consumption on Mesa based drivers.

- Improve memory pressure handler to reduce the CPU usage on memory pressure situations.

- Fix a regression in WebKitWebView title notify signal emission that caused the signal to be emitted multiple times.

- Fix high CPU usage in the web process loading hyphenation dictionaries. More user agent string improvements to improve compatibility with several websites.

- Fix web process crash when closing the web view in X11.

- Fix the build with OpenGL ES2 enabled.

- Fix several crashes and rendering issues.

Translation updates :

- German.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected webkitgtk4 package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2017-b015aa1d33

Plugin Details

Severity: High

ID: 96676

File Name: fedora_2017-b015aa1d33.nasl

Version: 3.6

Type: local

Agent: unix

Published: 1/23/2017

Updated: 1/6/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:webkitgtk4, cpe:/o:fedoraproject:fedora:25

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 1/20/2017

Vulnerability Publication Date: 2/20/2017

Reference Information

CVE: CVE-2016-7586, CVE-2016-7589, CVE-2016-7592, CVE-2016-7599, CVE-2016-7623, CVE-2016-7632, CVE-2016-7635, CVE-2016-7639, CVE-2016-7641, CVE-2016-7645, CVE-2016-7652, CVE-2016-7654, CVE-2016-7656