Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5885-1] webkit2gtk security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5885-1] webkit2gtk security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Alberto Garcia <berto AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5885-1] webkit2gtk security update
  • Date: Sun, 23 Mar 2025 20:30:40 +0000
  • Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/Z+BvcKr18ahFwtv4 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=rH2OCNa4HKx95yyGyqNRycmc9e1/xq3WGtV4Xh1XTYM=; b=GG v5pjJKqDt7sfvIlvrUjBmBa/7FaMbUgdNQgZcklJFKK+S1bJ5pSxhnFGKy3hIyFsBrzjAg+FmrL6W TgwOx6LSRpVW2T8kKtjqph0i6L2BSebmpLI718qYe0Je2zFGhwuXcxaOhLxJ/82ercxubMrJlqoDG Rghie4+lKk/gUTz9fs2Bh3DrO4GlJL0ZFzrUx/TQR6LMZIgsCKG4WPbs1dXcbK3NzLw8hr4tE+yvH Uj+El/OWDSY4eZIXmQTxp0YItXXuuGztbldm476mOHosbfvdncavjvZkhSvIXsZEhdSQl66eA42DK 60XSVgjU5fY6EW+0mBa0zXttNjGxwLAw==;
  • Old-return-path: <berto AT debian.org>
  • Priority: urgent
  • Resent-date: Sun, 23 Mar 2025 20:48:11 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <IRRo5GK_rlB.A.-bQL.KOH4nB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5885-1 security AT debian.org
https://www.debian.org/security/ Alberto Garcia
March 23, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : webkit2gtk
CVE ID : CVE-2024-44192 CVE-2024-54467 CVE-2025-24201

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2024-44192

Tashita Software Security discovered that processing maliciously
crafted web content may lead to an unexpected process crash.

CVE-2024-54467

Narendra Bhati discovered that a malicious website may exfiltrate
data cross-origin.

CVE-2025-24201

Apple discovered that maliciously crafted web content may be able
to break out of Web Content sandbox.

For the stable distribution (bookworm), these problems have been fixed in
version 2.48.0-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmfgbIQACgkQAAyEYu0C
2AJDGg//awiNFGHzL823MstM04qU/0pZ4W/YxIzF1xd/0CiriYkjFkbeectklx55
exvE9IQ4XpKm/MTQ9lVSY51UlqoYVCUY2qQjE8tXAbSZj2/z9LdFwnud5RCsyMHE
WbjRHaKTS7t8w4+uuVEDYLrAuVPz/NxWNh0JXMUdvHSBRJraE7o8Gr19+SR8Pt8S
uKrbZBg0Oy9jSY+ys3d+dBstIbBufEA0xgnMMZHR7eQ04KG6pKwY2q2xzPtdIsaQ
TmxD/XCTy6mgUh+hLQrh8WDLWFMnHfiogjtdCR19KqIEe+RcpSMqA43XzyU6+foZ
KEuDZgdx+ChjxI+rf/67YFXgHLanlY4lrr1nUB2b0cL3L60NH2Fitdr/v5uq9R+C
ajE9Gm14zrKNswTn+QzAIO76U2HQ7PFHKeWPkI/PgX85YpSxSFf2MXfiyR15l6zl
GowtGtHBgnRKPXbe8MtxmR6zeGR5o0laizaVioArI+b2wBdX6Lz2sWu8RPLTiATg
Isvkh4mNBGjigI+Q3dwBf/853WCSvqE20iVyQ+Mhbt3MTKzDWzdVY2occPunB78c
+8gNhHhERxE5k7mu2A4h68YEcoG8DTyKHKyjwOPIVJvdf22N7zePBpCB4fNU/gI1
D3Lg7CbAdZifmoQG4ouKPfF5mldU4wW7QRcI8/2ZIUls1bDjT7I=
=/Sm2
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5885-1] webkit2gtk security update, Alberto Garcia, 23.03.2025

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang