it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Alberto Garcia <berto AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5575-1] webkit2gtk security update
- Date: Mon, 11 Dec 2023 22:15:28 +0000
- List-archive: https://lists.debian.org/msgid-search/ZXeKAJqlnHKRMUzg AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=3huI7XIWdWH0IzmX6gr75mBNcjHwia0KXxH78yT0FL4=; b=m0 VPbDLs98QQ7bCaV3QeBqU0/QKoDBSIBK7j58sw/5K1izLa+SlBlhmkGGJxWdQX6Iupy2JBg9TFPgN LIg8mzZgBniw+ubTOGxwEJY2JtGs1v90AsrSZBB4q73DknyOs65YlVHgzUaAE7wUYpYT22xqD5I22 pnYbmE+xNDgFaGQ0JMEktLeEQ2Stm4OSo1HL2VnUHk+QJzN1OnL28GbdnucXYHi63fK6SZg+AqyOs VPfqBKuNU32kArK7ScvqClYpofjOkRnVoa17UO2WKTrPnZeJmlPGe8wQHKW9ldBnCmajXDwNk94yS jx7ZCjkhoaoUiq95IN50+JHi6h4wNDZQ==;
- Old-return-path: <berto AT debian.org>
- Priority: urgent
- Resent-date: Mon, 11 Dec 2023 22:33:13 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <Gaep6SK6YqO.A.q0D.p44dlB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5575-1 security AT debian.org
https://www.debian.org/security/ Alberto Garcia
December 11, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2023-42916 CVE-2023-42917
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2023-42916
Clement Lecigne discovered that processing web content may
disclose sensitive information. Apple is aware of a report that
this issue may have been actively exploited.
CVE-2023-42917
Clement Lecigne discovered that processing web content may lead to
arbitrary code execution. Apple is aware of a report that this
issue may have been actively exploited.
For the oldstable distribution (bullseye), these problems have been fixed
in version 2.42.3-1~deb11u1.
For the stable distribution (bookworm), these problems have been fixed in
version 2.42.3-1~deb12u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmV3hxQACgkQAAyEYu0C
2ALD/A/+Inn3pEr29SXRWDWhmX/eUIg1KrUVGXXfgrWFaDx9ejRhchXnzORIOKcV
a1SlXQ48Gixernf8T06Hbvg6l3TL8vd+Z/mNO+oVYvT3h/ARiJ6rtAS+rxjpFrF0
GOGBDUh8X69knZ17ZZ4fuMo4dkGvq75Ww95bS70ffLWGcwvDjL0VYU1Igkcf8DAU
moqWeHGH1dPwQs18Ifa5PWCnBoxyBkeu3sQz1qsZQ4h628Feo1k7orjRiL7NDS9t
bfSZyiR935BmrOqbGZ1Mg8UH26qY9WZkARUEmi5kfHeycXvAs80sKW6AzKJtksa/
nidSAmYU9QTI5pHp4oF4hSlG7GSABQhSBEzx/B2449XvQOvoD0EAt7OKvEFZ7fIL
mHDLBl4K9QOErM7Qu2hWqaqEBnxo8Xb8epKFtqQUUqVpBPdc79UtrwNj2Lvg5/w3
TPqBc/OnYuXRuTlAZ85zAqbus6roCQI2Nwe6m8+lVhK1H4wRSGQ3XvzpGMG9bplq
y9Z7Lwg2b8s9+3Kfkm8fO9qsK0TrrODxBoJ/hvWZ0ULtvY3KzREnEpnKkPmPdtod
InJwL6vQbtR9D9Zcss8+pWm/ElD5ImTekoqs5vHrgFaXLH0iI/lAXPm/DFX5R5cW
SR6mK0T1Dwg5GveQlnVR7nbwYCtjZOPHGPKDUQYzaNf14keKk9A=
=v8r9
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5575-1] webkit2gtk security update, Alberto Garcia, 11.12.2023
Archiv bereitgestellt durch MHonArc 2.6.19+.