[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3982-1] webkit2gtk security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3982-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
December 03, 2024                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : webkit2gtk
Version        : 2.46.4-1~deb11u1
CVE ID         : CVE-2024-44308 CVE-2024-44309

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2024-44308

    Clement Lecigne and Benoit Sevens discovered that processing
    maliciously crafted web content may lead to arbitrary code
    execution. Apple is aware of a report that this issue may have
    been actively exploited on Intel-based Mac systems.

CVE-2024-44309

    Clement Lecigne and Benoit Sevens discovered that processing
    maliciously crafted web content may lead to a cross site scripting
    attack. Apple is aware of a report that this issue may have been
    actively exploited on Intel-based Mac systems.

For Debian 11 bullseye, these problems have been fixed in version
2.46.4-1~deb11u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmdOwhYACgkQnUbEiOQ2
gwJRgBAAgiyvtGL/sC2/SmNAGYeYw5T2vFan3YXJ69G737GA50EIkSBnjhrof2/q
Hb2lbvU1Bffc6TrSFGENYNK56e1wZ+F4EJDg2eLl/sA+BHrAO3//1GrWALfU8sAq
4zLD8NbmZyCy8qa/zNCRiqWXchst9IW6fqS9QsdG/dPPAPiPw+CS7Gbt8uiBCX6F
GmyNlEpyohG4p7VNQAFdCfzzVt4N0a+7aq6UsAybOPVHuA3gVF0VLWTqq5Cyx9PN
B1Hhn1Uzmfvp/86+qJwS7xtrGRGb0oa75Ac+WV3Bpa/Hz0h/02C90gZqy5muKHNp
vhg55Qes+vgHQRw3dS9ZdaDHtTh8pN4CRy4V/b/jCe02d+5tGEObsJf1Slz4ZG4K
Ll3MLZYtgpttqhFvZ44UPMJ7K333LSUB8ddACCnWRgOrmmvOdFNOocOU4fiZ/xXP
vx4xaaijCIgoMBejsqdhjwsWhy+vqh9TAEN+/lOMdFSYtYq+qJ+ZCdW/t/y4fci9
ADlVoIV57GhjBJ0jJXksAfYRqtu2sgYxKubVbJTrlitzjW2geAfJeMdvbxPFelIL
9zYDSSjZsiSqWuA8aDgAVlweAlEKo1ax2aiW5cbaykM54DZCQrK94MjgP/DkpPyh
byakPSLu1qZL7TJOxsfhVE97nAxEo/g/+rZ5X/0nwCTFAfiZpPg=
=4R43
-----END PGP SIGNATURE-----


Reply to: