Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Mangelnde Prüfung von Schlüsseln in webkitgtk3
Aktuelle Meldungen Distributionen
Name: Mangelnde Prüfung von Schlüsseln in webkitgtk3
ID: FEDORA-2015-4138
Distribution: Fedora
Plattformen: Fedora 20
Datum: Sa, 4. April 2015, 11:23
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2330

Originalnachricht

Name        : webkitgtk3
Product : Fedora 20
Version : 2.2.8
Release : 3.fc20
URL : http://www.webkitgtk.org/
Summary : GTK+ Web content engine library
Description :
WebKitGTK+ is the port of the portable web rendering engine WebKit to the
GTK+ platform.

This package contains WebKitGTK+ for GTK+ 3.

-------------------------------------------------------------------------------
-
Update Information:

Fixes CVE-2015-2330, late TLS certificate verification. This issue affects
applications using the WebKit 2 API that opt-in to connection failures using WEBKIT_TLS_ERRORS_POLICY_FAIL. No applications included in Fedora 20 are known to be impacted by this issue as none are known to use WEBKIT_TLS_ERRORS_POLICY_FAIL; however, if you develop an application using WebKit 2 it may be affected. Note that applications that do not use this policy cannot be secure.
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Mar 17 2015 Michael Catanzaro <mcatanzaro@gnome.org> - 2.2.8-3
- Add certificate verification patches
* Tue Oct 21 2014 Tomas Popela <tpopela@redhat.com> - 2.2.8-2
- Disable the SSLv3 to address the POODLE vulnerability
* Wed Oct 1 2014 Tomas Popela <tpopela@redhat.com> - 2.2.8-1
- Update to 2.2.8
* Wed Jul 23 2014 Tomas Popela <tpopela@redhat.com> - 2.2.7-3
- Fix CLoop on s390 and ppc
* Wed May 7 2014 Tomas Popela <tpopela@redhat.com> - 2.2.7-2
- Fix CLoop on s390x and ppc64
- Disable yarr jit through flag and don't use patch for it
* Mon May 5 2014 Tomas Popela <tpopela@redhat.com> - 2.2.7-1
- Update to 2.2.7
* Wed Mar 19 2014 Tomas Popela <tpopela@redhat.com> - 2.2.6-1
- Update to 2.2.6
* Tue Feb 18 2014 Tomas Popela <tpopela@redhat.com> - 2.2.4-2
- Enable full debuginfo on s390x
* Tue Jan 21 2014 Tomas Popela <tpopela@redhat.com> - 2.2.4-1
- Update to 2.2.4
* Wed Dec 4 2013 Tomas Popela <tpopela@redhat.com> - 2.2.3-1
- Update to 2.2.3
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update webkitgtk3' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung