Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5308-1] webkit2gtk security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5308-1] webkit2gtk security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Alberto Garcia <berto AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5308-1] webkit2gtk security update
  • Date: Sat, 31 Dec 2022 00:42:12 +0000
  • Authentication-results: mail.piratenpartei.de; dkim=none; dmarc=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"
  • List-archive: https://lists.debian.org/msgid-search/Y6+FZNyYKpOpgLoH AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=l+VT5HHUtg15PteMSY7+ieHNcGCAA7y72OfvXsrqi/w=; b=hA GSoTDKqZe1V+kYdZYiCpcd/p2Gk5wYiFCD1UHjSONE9NMAa7n3lEOLs2m2qW7kvoUGglTQkJrjsDm FV+0X1Vli+EBLH8Tgj78EFqnn6suVet9IMBEHOHJcPH9o891X/ViEWKM7DxVROzExkOg+sI10sMLm ay5rsyvCqqYx8D3gyvPVy/bq5Dsy0WMjHn+bnHmvJNC0sFBLpSqmGI1T7Fo0zAy3C4GL4mgpmrTUy Z73Vk8nMLhJmvqLKB0GFSm/pW5fb4R5ZIjqoRuwaTaSg0RpLYCoD57SBtsvyNZDOmPxEeMGjWv1vC LZ7puuLavbIMrqswW6jtixVW969VBigw==;
  • Old-return-path: <berto AT debian.org>
  • Priority: urgent
  • Resent-date: Sat, 31 Dec 2022 00:42:35 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <cQpvBWzh1fE.A.x0.7V4rjB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5308-1 security AT debian.org
https://www.debian.org/security/ Alberto Garcia
December 31, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : webkit2gtk
CVE ID : CVE-2022-42852 CVE-2022-42856 CVE-2022-42867 CVE-2022-46692
CVE-2022-46698 CVE-2022-46699 CVE-2022-46700

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2022-42852

hazbinhotel discovered that processing maliciously crafted web
content may result in the disclosure of process memory.

CVE-2022-42856

Clement Lecigne discovered that processing maliciously crafted web
content may lead to arbitrary code execution.

CVE-2022-42867

Maddie Stone discovered that processing maliciously crafted web
content may lead to arbitrary code execution.

CVE-2022-46692

KirtiKumar Anandrao Ramchandani discovered that processing
maliciously crafted web content may bypass Same Origin Policy.

CVE-2022-46698

Dohyun Lee and Ryan Shin discovered that processing maliciously
crafted web content may disclose sensitive user information.

CVE-2022-46699

Samuel Gross discovered that processing maliciously crafted web
content may lead to arbitrary code execution.

CVE-2022-46700

Samuel Gross discovered that processing maliciously crafted web
content may lead to arbitrary code execution.

For the stable distribution (bullseye), these problems have been fixed in
version 2.38.3-1~deb11u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmOvgQAACgkQAAyEYu0C
2AJQTw/6Ahzd4VSPxKke5OlXL0Y8DuzGL6tX8syekKBYUKo2SXoZLy7d+usaSS1N
85Nfbzk/EvUmFr1zsy8SWVwpTZ0d+kIaIONGHXgLZsF89jFlXMcOav3KCfaliVvd
VpOtyrE1GuLpnu2718uqI0q5QsprIJAAXuAQCTa4uYr0bnliVKvI7evNIIayooIJ
8FY5Hrf13F2UXMvdU3qdpDAYoHGidO81d5yR4bijnP+PyDCTT2MWX5gOaKuUkwa0
miM4QJBzARI/ys5+jHJ+YrFaGi8I/c7/DxzAwjy0CbTe6zDrqwfisLTUc6m7h41O
UOvJVY7EWaidIldtW8iZilfK82IhX66fcEhTYuM7JfcKoDKMRzegP5vtCT7PxW0C
gpxuW24ppbEIrXoTSKbHD+1w0QoitwCnJ11aj68TlaLHaeqkt5y5lGgR/Ozbfh3k
ABLALtsjqv28ao8iXUcOlACeVrCYOMaNBB9wtKAiIB88xDvCAX7bWAMdiCa+RXL7
iEoERbREZX9GJEdiVxdCFPbbN3jPWqYdvjEFlpmB1crEpAMPTNriFWChLdcGLjz6
QBgK5Oz2EbExajQ2msCGomK2mWLwhMuHqd7M7b44VOoPqGqrdp6u9iVEa5y7+NAi
qG+oeME8Togvm9xWS2hxu11M9sXyAYENHwLazAhg7sihTjXUa28=
=1oK1
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5308-1] webkit2gtk security update, Alberto Garcia, 31.12.2022

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang