[SECURITY] [DSA 5885-1] webkit2gtk security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5885-1] webkit2gtk security update
From: Alberto Garcia <berto@debian.org>
Date: Sun, 23 Mar 2025 20:30:40 +0000
Message-id: <[🔎] Z+BvcKr18ahFwtv4@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5885-1                   security@debian.org
https://www.debian.org/security/                           Alberto Garcia
March 23, 2025                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : webkit2gtk
CVE ID         : CVE-2024-44192 CVE-2024-54467 CVE-2025-24201

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2024-44192

    Tashita Software Security discovered that processing maliciously
    crafted web content may lead to an unexpected process crash.

CVE-2024-54467

    Narendra Bhati discovered that a malicious website may exfiltrate
    data cross-origin.

CVE-2025-24201

    Apple discovered that maliciously crafted web content may be able
    to break out of Web Content sandbox.

For the stable distribution (bookworm), these problems have been fixed in
version 2.48.0-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmfgbIQACgkQAAyEYu0C
2AJDGg//awiNFGHzL823MstM04qU/0pZ4W/YxIzF1xd/0CiriYkjFkbeectklx55
exvE9IQ4XpKm/MTQ9lVSY51UlqoYVCUY2qQjE8tXAbSZj2/z9LdFwnud5RCsyMHE
WbjRHaKTS7t8w4+uuVEDYLrAuVPz/NxWNh0JXMUdvHSBRJraE7o8Gr19+SR8Pt8S
uKrbZBg0Oy9jSY+ys3d+dBstIbBufEA0xgnMMZHR7eQ04KG6pKwY2q2xzPtdIsaQ
TmxD/XCTy6mgUh+hLQrh8WDLWFMnHfiogjtdCR19KqIEe+RcpSMqA43XzyU6+foZ
KEuDZgdx+ChjxI+rf/67YFXgHLanlY4lrr1nUB2b0cL3L60NH2Fitdr/v5uq9R+C
ajE9Gm14zrKNswTn+QzAIO76U2HQ7PFHKeWPkI/PgX85YpSxSFf2MXfiyR15l6zl
GowtGtHBgnRKPXbe8MtxmR6zeGR5o0laizaVioArI+b2wBdX6Lz2sWu8RPLTiATg
Isvkh4mNBGjigI+Q3dwBf/853WCSvqE20iVyQ+Mhbt3MTKzDWzdVY2occPunB78c
+8gNhHhERxE5k7mu2A4h68YEcoG8DTyKHKyjwOPIVJvdf22N7zePBpCB4fNU/gI1
D3Lg7CbAdZifmoQG4ouKPfF5mldU4wW7QRcI8/2ZIUls1bDjT7I=
=/Sm2
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5884-1] libxslt security update
Next by Date: [SECURITY] [DSA 5886-1] ruby-rack security update
Previous by thread: [SECURITY] [DSA 5884-1] libxslt security update
Next by thread: [SECURITY] [DSA 5886-1] ruby-rack security update
Index(es):
- Date
- Thread