
[SECURITY] [DLA 3864-1] webkit2gtk security update



-------------------------------------------------------------------------
Debian LTS Advisory DLA-3864-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
September 02, 2024                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : webkit2gtk
Version        : 2.44.3-1~deb11u1
CVE ID         : CVE-2024-4558 CVE-2024-40776 CVE-2024-40779 CVE-2024-40780
                 CVE-2024-40782 CVE-2024-40785 CVE-2024-40789 CVE-2024-40794

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2024-4558

    An anonymous researcher discovered that processing maliciously
    crafted web content may lead to an unexpected process crash.

CVE-2024-40776

    Huang Xilin discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

CVE-2024-40779

    Huang Xilin discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

CVE-2024-40780

    Huang Xilin discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

CVE-2024-40782

    Maksymilian Motyl discovered that processing maliciously crafted
    web content may lead to an unexpected process crash.

CVE-2024-40785

    Johan Carlsson discovered that processing maliciously crafted web
    content may lead to a cross-site scripting attack.

CVE-2024-40789

    Seunghyun Lee discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

CVE-2024-40794

    Matthew Butler discovered that Private Browsing tabs may be
    accessed without authentication.

For Debian 11 bullseye, these problems have been fixed in version
2.44.3-1~deb11u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS