Advisories ยป MGASA-2025-0291

Updated webkit2 packages fix security vulnerabilities

Publication date: 14 Nov 2025
Modification date: 14 Nov 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-27838 , CVE-2024-27851 , CVE-2024-40776 , CVE-2024-40779 , CVE-2024-40780 , CVE-2024-40782 , CVE-2024-40789 , CVE-2024-4558

Description

CVE-2024-27838 A maliciously crafted webpage may be able to fingerprint
the user. Description: The issue was addressed by adding additional
logic.
CVE-2024-27851 Processing maliciously crafted web content may lead to
arbitrary code execution. Description: The issue was addressed with
improved bounds checks.
CVE-2024-40776 Processing maliciously crafted web content may lead to an
unexpected process crash. Description: A use-after-free issue was
addressed with improved memory management.
CVE-2024-40779 / CVE-2024-40780 Processing maliciously crafted web
content may lead to an unexpected process crash. Description: An
out-of-bounds read was addressed with improved bounds checking.
CVE-2024-40782 Processing maliciously crafted web content may lead to an
unexpected process crash. Description: A use-after-free issue was
addressed with improved memory management.
CVE-2024-40789 Processing maliciously crafted web content may lead to an
unexpected process crash. Description: An out-of-bounds access issue was
addressed with improved bounds checking.
CVE-2024-4558 Processing maliciously crafted web content may lead to an
unexpected process crash. Description: Use after free in ANGLE allowed a
remote attacker to potentially exploit heap corruption via a crafted
HTML page.

References

SRPMS

9/core