[SECURITY] [DLA 4051-1] webkit2gtk security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 4051-1] webkit2gtk security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Thu, 13 Feb 2025 09:11:37 +0100
Message-id: <[🔎] 20250213081137.6934A2A01DA@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4051-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
February 13, 2025                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : webkit2gtk
Version        : 2.46.6-1~deb11u1
CVE ID         : CVE-2025-24143 CVE-2025-24150 CVE-2025-24158 CVE-2025-24162

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2025-24143

    An anonymous researcher discovered that a maliciously crafted
    webpage may be able to fingerprint the user.

CVE-2025-24150

    Johan Carlsson discovered that copying a URL from Web Inspector
    may lead to command injection.

CVE-2025-24158

    Q1IQ and P1umer discovered that processing web content may lead to
    a denial-of-service.

CVE-2025-24162

    linjy and chluo discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

For Debian 11 bullseye, these problems have been fixed in version
2.46.6-1~deb11u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmetqTYACgkQnUbEiOQ2
gwKi5hAAwq0VsOZxRvBtOdyvTXOCSPEKNOX1VCPSAXi7CKXUyrIr9GyNkEbJi0Tx
HXHMf8k4fqbiYdWExh3CZxZ2dUUWAWE0PgE4Fhh9vIuEuJVVqYIviSULcGsjB+us
qvCloQgDsFgou30fSZ80KgSZEvjE1TCLdKCs7onMcYgXXLaDZbtwscTCwzeCOYM1
bgYNdhFZby3Y3vtKaQ1s1ACTv5TPHN4I6+EyE9Lupz2bs9Y6NLgaRmiUbOAb3Bbr
zd1B3DrryvHdzQzPtrQYfNoqAC18IAjaDbw6oaUcgq30I00s9/Io8NutYDpVRqju
W3rkS5InxwhNnRcxL75dbYbjnc1wgLqfXjodklNxAnDVketaITBn7Rjhm4siteFk
D8LWmNS5Yu9HGP6ALnI9gzV04jxVECk2uIE4P4OkW7BDkPHc69q8n7x5VVm74Pc1
cob9k6VWi9ahaaoChpginYZNweB639es236gDr3M8OHI0l92R7elZo14/bxTTkjL
Pmb2+syDIk+XVMELnWioVB+rpLNbPMVHppU+ITrWIr4l6U3X/P9AXqDhON9XE7lh
ZlGmPcYvDWw03LJWoSOzEi+CDKya+JdbiiX1ihsfxNTaGwCJjTKPR1aN2VX8PRFM
Mefa2zMyOxqStUHC/0So2+oKmBLIA2jPsx/xwD09RzD2V4BLE3g=
=Z6B7
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4038-2] dcmtk regression update
Next by Date: [SECURITY] [DLA 4052-1] postgresql-13 security update
Previous by thread: [SECURITY] [DLA 4038-2] dcmtk regression update
Next by thread: [SECURITY] [DLA 4052-1] postgresql-13 security update
Index(es):
- Date
- Thread