• [SECURITY] [DSA 5575-1] webkit2gtk security update

    From Alberto Garcia@21:1/5 to All on Mon Dec 11 23:40:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5575-1 security@debian.org https://www.debian.org/security/ Alberto Garcia December 11, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : webkit2gtk
    CVE ID : CVE-2023-42916 CVE-2023-42917

    The following vulnerabilities have been discovered in the WebKitGTK
    web engine:

    CVE-2023-42916

    Clement Lecigne discovered that processing web content may
    disclose sensitive information. Apple is aware of a report that
    this issue may have been actively exploited.

    CVE-2023-42917

    Clement Lecigne discovered that processing web content may lead to
    arbitrary code execution. Apple is aware of a report that this
    issue may have been actively exploited.

    For the oldstable distribution (bullseye), these problems have been fixed
    in version 2.42.3-1~deb11u1.

    For the stable distribution (bookworm), these problems have been fixed in version 2.42.3-1~deb12u1.

    We recommend that you upgrade your webkit2gtk packages.

    For the detailed security status of webkit2gtk please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmV3hxQACgkQAAyEYu0C 2ALD/A/+Inn3pEr29SXRWDWhmX/eUIg1KrUVGXXfgrWFaDx9ejRhchXnzORIOKcV a1SlXQ48Gixernf8T06Hbvg6l3TL8vd+Z/mNO+oVYvT3h/ARiJ6rtAS+rxjpFrF0 GOGBDUh8X69knZ17ZZ4fuMo4dkGvq75Ww95bS70ffLWGcwvDjL0VYU1Igkcf8DAU moqWeHGH1dPwQs18Ifa5PWCnBoxyBkeu3sQz1qsZQ4h628Feo1k7orjRiL7NDS9t bfSZyiR935BmrOqbGZ1Mg8UH26qY9WZkARUEmi5kfHeycXvAs80sKW6AzKJtksa/ nidSAmYU9QTI5pHp4oF4hSlG7GSABQhSBEzx/B2449XvQOvoD0EAt7OKvEFZ7fIL mHDLBl4K9QOErM7Qu2hWqaqEBnxo8Xb8epKFtqQUUqVpBPdc79UtrwNj2Lvg5/w3 TPqBc/OnYuXRuTlAZ85zAqbus6roCQI2Nwe6m8+lVhK1H4wRSGQ3XvzpGMG9bplq y9Z7Lwg2b8s9+3Kfkm8fO9qsK0TrrODxBoJ/hvWZ0ULtvY3KzREnEpnKkPmPdtod InJwL6vQbtR9D9Zcss8+pWm/ElD5ImTekoqs5vHrgFaXLH0iI/lAXPm/DFX5R5cW SR6mK0T1Dwg5GveQlnVR7nbwYCtjZOPHGPKDUQYzaNf14keKk9A=
    =v8r9
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)