• [SECURITY] [DSA 5762-1] webkit2gtk security update

    From Alberto Garcia@21:1/5 to All on Fri Aug 30 21:30:02 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5762-1 security@debian.org https://www.debian.org/security/ Alberto Garcia August 30, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : webkit2gtk
    CVE ID : CVE-2024-4558 CVE-2024-40776 CVE-2024-40779 CVE-2024-40780
    CVE-2024-40782 CVE-2024-40785 CVE-2024-40789 CVE-2024-40794

    The following vulnerabilities have been discovered in the WebKitGTK
    web engine:

    CVE-2024-4558

    An anonymous researcher discovered that processing maliciously
    crafted web content may lead to an unexpected process crash.

    CVE-2024-40776

    Huang Xilin discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

    CVE-2024-40779

    Huang Xilin discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

    CVE-2024-40780

    Huang Xilin dicovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

    CVE-2024-40782

    Maksymilian Motyl discovered that processing maliciously crafted
    web content may lead to an unexpected process crash.

    CVE-2024-40785

    Johan Carlsson discovered that processing maliciously crafted web
    content may lead to a cross site scripting attack.

    CVE-2024-40789

    Seunghyun Lee discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

    CVE-2024-40794

    Matthew Butler discovered that private Browsing tabs may be
    accessed without authentication.

    For the stable distribution (bookworm), these problems have been fixed in version 2.44.3-1~deb12u1.

    We recommend that you upgrade your webkit2gtk packages.

    For the detailed security status of webkit2gtk please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmbR5W8ACgkQAAyEYu0C 2ALznQ//bOsY+Xe6T18/q0zsHnyvCV/jxwfjrCUF+OVlulP5LJlrD6uQBdqMr5Jk 9cRcS+qxc/lnqOGU12+MSc2tfvn9XSl5dqZFTHxCH4ztWDjNBzxKrHk82RIkAQ9p UVzrslRIVrZKlqbeBOCIlJSzc6GEJi5Msxy/4lnSbQ380WGfWQ26mplmgnLQgOL1 OIInHO8VAonPU2I4v4G+BZA1lEKOsoJqXxdg8hsgyBiP4CDcxrpeN6SrPMARUObX CAsj+jsm4v8Bj7Wd8KvV4W3H137YmyrjPghWQwgmvyf+rvR1JjDwcXBTuAPv4HTC FQAFbVLoeQSLSpMO3b2oQ0s9f8o93/gbc4n7WyTYac/6IzxT/oH9uKwQABzWBg6C qcUBgJ1Z7rx9/PgQjWeT7uZdJkT7o7Eux2wtzud82jTM5goOCCqpZo93D35txiIu sRMoCaszdH65TJxLjPrJFargLw7x2kN0RJUAK167tnEsX56TWIGF+K7BQAr1YpS1 mf3+2VC632yp5MXoejBsGDE4bH1OlgKF8xEs13V2LTb3w1ursC046LcOHLURIwX1 +Cw49Pe6A0nhyv5raUaBzGvV9DbptTM+in8nCI4YXKlcQA87MjOORdVUnW1HWzZe PiRFGBay5dgSJW9ebTwVJQxNd2QKWZrLRDOLDhJuucxIZf+Fsb8=
    =SAKx
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)