[SECURITY] [DSA 5762-1] webkit2gtk security update
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DSA 5762-1] webkit2gtk security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5762-1                   security@debian.org
https://www.debian.org/security/                           Alberto Garcia
August 30, 2024                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : webkit2gtk
CVE ID         : CVE-2024-4558 CVE-2024-40776 CVE-2024-40779 CVE-2024-40780
                 CVE-2024-40782 CVE-2024-40785 CVE-2024-40789 CVE-2024-40794

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2024-4558

    An anonymous researcher discovered that processing maliciously
    crafted web content may lead to an unexpected process crash.

CVE-2024-40776

    Huang Xilin discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

CVE-2024-40779

    Huang Xilin discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

CVE-2024-40780

    Huang Xilin dicovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

CVE-2024-40782

    Maksymilian Motyl discovered that processing maliciously crafted
    web content may lead to an unexpected process crash.

CVE-2024-40785

    Johan Carlsson discovered that processing maliciously crafted web
    content may lead to a cross site scripting attack.

CVE-2024-40789

    Seunghyun Lee discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

CVE-2024-40794

    Matthew Butler discovered that private Browsing tabs may be
    accessed without authentication.

For the stable distribution (bookworm), these problems have been fixed in
version 2.44.3-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmbR5W8ACgkQAAyEYu0C
2ALznQ//bOsY+Xe6T18/q0zsHnyvCV/jxwfjrCUF+OVlulP5LJlrD6uQBdqMr5Jk
9cRcS+qxc/lnqOGU12+MSc2tfvn9XSl5dqZFTHxCH4ztWDjNBzxKrHk82RIkAQ9p
UVzrslRIVrZKlqbeBOCIlJSzc6GEJi5Msxy/4lnSbQ380WGfWQ26mplmgnLQgOL1
OIInHO8VAonPU2I4v4G+BZA1lEKOsoJqXxdg8hsgyBiP4CDcxrpeN6SrPMARUObX
CAsj+jsm4v8Bj7Wd8KvV4W3H137YmyrjPghWQwgmvyf+rvR1JjDwcXBTuAPv4HTC
FQAFbVLoeQSLSpMO3b2oQ0s9f8o93/gbc4n7WyTYac/6IzxT/oH9uKwQABzWBg6C
qcUBgJ1Z7rx9/PgQjWeT7uZdJkT7o7Eux2wtzud82jTM5goOCCqpZo93D35txiIu
sRMoCaszdH65TJxLjPrJFargLw7x2kN0RJUAK167tnEsX56TWIGF+K7BQAr1YpS1
mf3+2VC632yp5MXoejBsGDE4bH1OlgKF8xEs13V2LTb3w1ursC046LcOHLURIwX1
+Cw49Pe6A0nhyv5raUaBzGvV9DbptTM+in8nCI4YXKlcQA87MjOORdVUnW1HWzZe
PiRFGBay5dgSJW9ebTwVJQxNd2QKWZrLRDOLDhJuucxIZf+Fsb8=
=SAKx
-----END PGP SIGNATURE-----
Reply to: