[SECURITY] [DLA 4051-1] webkit2gtk security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4051-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
February 13, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : webkit2gtk
Version : 2.46.6-1~deb11u1
CVE ID : CVE-2025-24143 CVE-2025-24150 CVE-2025-24158 CVE-2025-24162
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2025-24143
An anonymous researcher discovered that a maliciously crafted
webpage may be able to fingerprint the user.
CVE-2025-24150
Johan Carlsson discovered that copying a URL from Web Inspector
may lead to command injection.
CVE-2025-24158
Q1IQ and P1umer discovered that processing web content may lead to
a denial-of-service.
CVE-2025-24162
linjy and chluo discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
For Debian 11 bullseye, these problems have been fixed in version
2.46.6-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmetqTYACgkQnUbEiOQ2
gwKi5hAAwq0VsOZxRvBtOdyvTXOCSPEKNOX1VCPSAXi7CKXUyrIr9GyNkEbJi0Tx
HXHMf8k4fqbiYdWExh3CZxZ2dUUWAWE0PgE4Fhh9vIuEuJVVqYIviSULcGsjB+us
qvCloQgDsFgou30fSZ80KgSZEvjE1TCLdKCs7onMcYgXXLaDZbtwscTCwzeCOYM1
bgYNdhFZby3Y3vtKaQ1s1ACTv5TPHN4I6+EyE9Lupz2bs9Y6NLgaRmiUbOAb3Bbr
zd1B3DrryvHdzQzPtrQYfNoqAC18IAjaDbw6oaUcgq30I00s9/Io8NutYDpVRqju
W3rkS5InxwhNnRcxL75dbYbjnc1wgLqfXjodklNxAnDVketaITBn7Rjhm4siteFk
D8LWmNS5Yu9HGP6ALnI9gzV04jxVECk2uIE4P4OkW7BDkPHc69q8n7x5VVm74Pc1
cob9k6VWi9ahaaoChpginYZNweB639es236gDr3M8OHI0l92R7elZo14/bxTTkjL
Pmb2+syDIk+XVMELnWioVB+rpLNbPMVHppU+ITrWIr4l6U3X/P9AXqDhON9XE7lh
ZlGmPcYvDWw03LJWoSOzEi+CDKya+JdbiiX1ihsfxNTaGwCJjTKPR1aN2VX8PRFM
Mefa2zMyOxqStUHC/0So2+oKmBLIA2jPsx/xwD09RzD2V4BLE3g=
=Z6B7
-----END PGP SIGNATURE-----
Reply to: