[SECURITY] [DLA 3274-1] webkit2gtk security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3274-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
January 19, 2023 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : webkit2gtk
Version : 2.38.3-1~deb10u1
CVE ID : CVE-2022-42852 CVE-2022-42856 CVE-2022-42867 CVE-2022-46692
CVE-2022-46698 CVE-2022-46699 CVE-2022-46700
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2022-42852
hazbinhotel discovered that processing maliciously crafted web
content may result in the disclosure of process memory.
CVE-2022-42856
Clement Lecigne discovered that processing maliciously crafted web
content may lead to arbitrary code execution.
CVE-2022-42867
Maddie Stone discovered that processing maliciously crafted web
content may lead to arbitrary code execution.
CVE-2022-46692
KirtiKumar Anandrao Ramchandani discovered that processing
maliciously crafted web content may bypass Same Origin Policy.
CVE-2022-46698
Dohyun Lee and Ryan Shin discovered that processing maliciously
crafted web content may disclose sensitive user information.
CVE-2022-46699
Samuel Gross discovered that processing maliciously crafted web
content may lead to arbitrary code execution.
CVE-2022-46700
Samuel Gross discovered that processing maliciously crafted web
content may lead to arbitrary code execution.
For Debian 10 buster, these problems have been fixed in version
2.38.3-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmPJFxEACgkQnUbEiOQ2
gwKkQA//QDUhHq0gLCIV4iq7optCNnzjkAXpUhsKYEslQaJZo/uUZmPF5sBZOyTf
aeUSrG2Ys4FUSj6NzeubpEW9TtBJzqRjfCj977n5mr142wg9ihjXq9T52BFqPnml
RenqZZwW3QPBD8c4N2oah6cijmHsnAApN/cNBjKHDiYlOHDesGzJL0OyZZpSzjZs
j+XbP9lm1/94DP9jvRu3EouMC3RyYoqPMBLMh5YoMKojVZfTlS0bc+xpBgESCLgB
/pOqoFfn4fSWdeErPoRvvuZuQwflbs/WiZH6y6qpEWCSsgH7i9CtGYOTBqxgls/J
v/D042T11ic5HkY3yp85HeKV70GF1Bxy5wV0WOsC4gQ4cRgNHHUqvnhsJGuSFKgA
oQLNVNcSnNcCPFqFNYBHC9FtE1WQOPiDOxxammaWuUbPW+UZV65tXS1nZWGDnrty
1JChTQMNMN2g4j36POxfQHBovvsGCBih2ewT8n0CvVRdXxR4CJVOauGfG9fKcizN
0CqPSvPER7RYQkz62himwE81bYDMOtRk6h+ibzPPgMoY7ym7SolFUAdEQ5bw4Y/2
ONJnA+f3WT+FkUVYrmxFSh12bXACyFZS9yEW535X6DoZzUBDLG6Kd0G4S2CG2x0h
QhUUM6fAxQMZSZIAjUtHTKiIVEnBSPJKw++CuriZTdL1KzIG2NU=
=XznE
-----END PGP SIGNATURE-----
Reply to: