Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5762-1] webkit2gtk security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5762-1] webkit2gtk security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Alberto Garcia <berto AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5762-1] webkit2gtk security update
  • Date: Fri, 30 Aug 2024 19:09:28 +0000
  • List-archive: https://lists.debian.org/msgid-search/ZtIY6DagaSMFLjD5 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=zAlVCwe42OWqWegmIKb6UfkVFOwW2cWtVO2C/8A+kL0=; b=UD vl4OUhivGZ1ZGdKL04yWJBJCf2rxIQBvN6zb2at2KldO7NN497/JpS8d7bidI6VoICMMzyAxM450D /mST+RGg2J6b9JQYde5lI+OPEYDzwh4Kj4wN9mbvuwWuVjaE9pjPaQvHEcWa04dETOdTb1yWdPYB6 07+BPhwSyFGq0r9MSBrkNPK7V/xQylkRF6HETlOfIYgTojp77RlWPU1oRFpuAtro7J/k7LE0tMre0 Ez02e0RfUWAvfB/YiUIbt+BPMiM8Xhd9NzktYFfRHmIWFdjO6j3SxtURSclV2EdxB8LpxwrYswRdm OfO1lzthyQQ3JnsIpkMNoJTCdzamvGYQ==;
  • Old-return-path: <berto AT debian.org>
  • Priority: urgent
  • Resent-date: Fri, 30 Aug 2024 19:27:11 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <NYQnY5CuhVL.A.Ke2J.P0h0mB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5762-1 security AT debian.org
https://www.debian.org/security/ Alberto Garcia
August 30, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : webkit2gtk
CVE ID : CVE-2024-4558 CVE-2024-40776 CVE-2024-40779 CVE-2024-40780
CVE-2024-40782 CVE-2024-40785 CVE-2024-40789 CVE-2024-40794

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2024-4558

An anonymous researcher discovered that processing maliciously
crafted web content may lead to an unexpected process crash.

CVE-2024-40776

Huang Xilin discovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2024-40779

Huang Xilin discovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2024-40780

Huang Xilin dicovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2024-40782

Maksymilian Motyl discovered that processing maliciously crafted
web content may lead to an unexpected process crash.

CVE-2024-40785

Johan Carlsson discovered that processing maliciously crafted web
content may lead to a cross site scripting attack.

CVE-2024-40789

Seunghyun Lee discovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2024-40794

Matthew Butler discovered that private Browsing tabs may be
accessed without authentication.

For the stable distribution (bookworm), these problems have been fixed in
version 2.44.3-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmbR5W8ACgkQAAyEYu0C
2ALznQ//bOsY+Xe6T18/q0zsHnyvCV/jxwfjrCUF+OVlulP5LJlrD6uQBdqMr5Jk
9cRcS+qxc/lnqOGU12+MSc2tfvn9XSl5dqZFTHxCH4ztWDjNBzxKrHk82RIkAQ9p
UVzrslRIVrZKlqbeBOCIlJSzc6GEJi5Msxy/4lnSbQ380WGfWQ26mplmgnLQgOL1
OIInHO8VAonPU2I4v4G+BZA1lEKOsoJqXxdg8hsgyBiP4CDcxrpeN6SrPMARUObX
CAsj+jsm4v8Bj7Wd8KvV4W3H137YmyrjPghWQwgmvyf+rvR1JjDwcXBTuAPv4HTC
FQAFbVLoeQSLSpMO3b2oQ0s9f8o93/gbc4n7WyTYac/6IzxT/oH9uKwQABzWBg6C
qcUBgJ1Z7rx9/PgQjWeT7uZdJkT7o7Eux2wtzud82jTM5goOCCqpZo93D35txiIu
sRMoCaszdH65TJxLjPrJFargLw7x2kN0RJUAK167tnEsX56TWIGF+K7BQAr1YpS1
mf3+2VC632yp5MXoejBsGDE4bH1OlgKF8xEs13V2LTb3w1ursC046LcOHLURIwX1
+Cw49Pe6A0nhyv5raUaBzGvV9DbptTM+in8nCI4YXKlcQA87MjOORdVUnW1HWzZe
PiRFGBay5dgSJW9ebTwVJQxNd2QKWZrLRDOLDhJuucxIZf+Fsb8=
=SAKx
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5762-1] webkit2gtk security update, Alberto Garcia, 30.08.2024

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang