Security
Headlines
HeadlinesLatestCVEs

Headline

Debian Security Advisory 5468-1

Debian Linux Security Advisory 5468-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. YeongHyeon Choi discovered that processing web content may disclose sensitive information. Narendra Bhati discovered that a website may be able to bypass the Same Origin Policy. Narendra Bhati, Valentino Dalla Valle, Pedro Bernardo, Marco Squarcina, and Lorenzo Veronese discovered that processing web content may lead to arbitrary code execution. Various other issues were also addressed.

Packet Storm
#vulnerability#web#linux#debian#cisco#js#java#webkit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Debian Security Advisory DSA-5468-1 [email protected]
https://www.debian.org/security/ Alberto Garcia
August 05, 2023 https://www.debian.org/security/faq


Package : webkit2gtk
CVE ID : CVE-2023-38133 CVE-2023-38572 CVE-2023-38592 CVE-2023-38594
CVE-2023-38595 CVE-2023-38597 CVE-2023-38599 CVE-2023-38600
CVE-2023-38611

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2023-38133

YeongHyeon Choi discovered that processing web content may  
disclose sensitive information.

CVE-2023-38572

Narendra Bhati discovered that a website may be able to bypass the  
Same Origin Policy.

CVE-2023-38592

Narendra Bhati, Valentino Dalla Valle, Pedro Bernardo, Marco  
Squarcina, and Lorenzo Veronese discovered that processing web  
content may lead to arbitrary code execution.

CVE-2023-38594

Yuhao Hu discovered that processing web content may lead to  
arbitrary code execution.

CVE-2023-38595

An anonymous researcher, Jiming Wang, and Jikai Ren discovered  
that processing web content may lead to arbitrary code execution.

CVE-2023-38597

Junsung Lee discovered that processing web content may lead to  
arbitrary code execution.

CVE-2023-38599

Hritvik Taneja, Jason Kim, Jie Jeff Xu, Stephan van Schaik, Daniel  
Genkin, and Yuval Yarom discovered that a website may be able to  
track sensitive user information.

CVE-2023-38600

An anonymous researcher discovered that processing web content may  
lead to arbitrary code execution.

CVE-2023-38611

Francisco Alonso discovered that processing web content may lead  
to arbitrary code execution.

For the oldstable distribution (bullseye), these problems have been fixed
in version 2.40.5-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 2.40.5-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmTOj+AACgkQAAyEYu0C
2AK4hw/+IqYa65blruup8jZigzY38U60+U+yzSa1MTtV04Nfv5UUMHw/AuSDi/ap
U5Vcee/oAb8pFeaZFODPY4k6vHUSjc4iL21zG4X0nYvNL7S9KZOS8TlxLVbbDElu
VLv3La7yB++vzv64DdU/ZuRkbuqowImesSxV8PFMaeJCWzMGX1Ck4jqqOPewmOAl
EEc9sFQHavZIdsC7kYGYcJi5UDgHUdG7K1JwKmDyQ+cW4CiTHIpGshpBnOyz7Kx9
AxTMscAqkigJznjY5kzWe5koFzZY7WTGmxmy7fjepEzB/Zdbl2+FRgFl3UHrd6kj
90blbnyTT6C+/PXkMR8dbeC2y7yTWZoeyyedRu2m700IdZVR19DKCwNj2TaFXD28
GKLe7fYKusyvPx63JVmHk6p9wokInOyimn+4Ldwv6q2CUAMXOLpia9hEjljrE1nj
CNbgyJFsgJTbW069GhkABySNKeQbFd4OCZxemb6jcJsXn3pRWoK/32B8tu/srzJo
OtdcuHC2TEyQS1EzgzJ25WrvcGkgTaz0eoemcXMdvp31xqWpmJEJoQ95Q/lwskq3
5e0mOH3AabSDVioImrBNtjnDcPP7Sy8Mq70pv+qx6fQZZnnFUD7YLr8D4KcayUSP
8M6hBjOj1qAJnXb2N2Cw2YRwYhcsFXQ9d7qbC7C03bEFIsSIx0A=VbdY
-----END PGP SIGNATURE-----

Related news

Gentoo Linux Security Advisory 202401-04

Gentoo Linux Security Advisory 202401-4 - Several vulnerabilities have been found in WebKitGTK+, the worst of which can lead to remote code execution. Versions greater than or equal to 2.42.3:4 are affected.

Ubuntu Security Notice USN-6289-1

Ubuntu Security Notice 6289-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

CVE-2023-32437: About the security content of iOS 16.6 and iPadOS 16.6

The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.

CVE-2023-38597: About the security content of Safari 16.6

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

CVE-2023-32437: About the security content of iOS 16.6 and iPadOS 16.6

The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.

CVE-2023-38410: About the security content of macOS Ventura 13.5

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.

CVE-2023-32437: About the security content of iOS 16.6 and iPadOS 16.6

The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.

CVE-2023-38597: About the security content of Safari 16.6

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

CVE-2023-38410: About the security content of macOS Ventura 13.5

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.

CVE-2023-38606: About the security content of watchOS 9.6

This issue was addressed with improved state management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

CVE-2023-38597: About the security content of Safari 16.6

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

CVE-2023-32437: About the security content of iOS 16.6 and iPadOS 16.6

The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.

CVE-2023-38606: About the security content of watchOS 9.6

This issue was addressed with improved state management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

CVE-2023-38410: About the security content of macOS Ventura 13.5

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.

CVE-2023-38597: About the security content of Safari 16.6

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

CVE-2023-38606: About the security content of watchOS 9.6

This issue was addressed with improved state management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

CVE-2023-38597: About the security content of Safari 16.6

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

CVE-2023-38606: About the security content of watchOS 9.6

This issue was addressed with improved state management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

CVE-2023-38597: About the security content of Safari 16.6

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

CVE-2023-38410: About the security content of macOS Ventura 13.5

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.

CVE-2023-32437: About the security content of iOS 16.6 and iPadOS 16.6

The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.

CVE-2023-38410: About the security content of macOS Ventura 13.5

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.

CVE-2023-32437: About the security content of iOS 16.6 and iPadOS 16.6

The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.

CVE-2023-32437: About the security content of iOS 16.6 and iPadOS 16.6

The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.

CVE-2023-38597: About the security content of Safari 16.6

The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.

CVE-2023-38606: About the security content of watchOS 9.6

This issue was addressed with improved state management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

CVE-2023-38606: About the security content of watchOS 9.6

This issue was addressed with improved state management. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, tvOS 16.6, watchOS 9.6, macOS Ventura 13.5, iOS 15.7.8 and iPadOS 15.7.8. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.

CVE-2023-38410: About the security content of macOS Ventura 13.5

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.

CVE-2023-38410: About the security content of macOS Ventura 13.5

The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.

Apple Security Advisory 2023-07-24-8

Apple Security Advisory 2023-07-24-8 - watchOS 9.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-8

Apple Security Advisory 2023-07-24-8 - watchOS 9.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-8

Apple Security Advisory 2023-07-24-8 - watchOS 9.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-8

Apple Security Advisory 2023-07-24-8 - watchOS 9.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-8

Apple Security Advisory 2023-07-24-8 - watchOS 9.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-8

Apple Security Advisory 2023-07-24-8 - watchOS 9.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-7

Apple Security Advisory 2023-07-24-7 - tvOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-7

Apple Security Advisory 2023-07-24-7 - tvOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-7

Apple Security Advisory 2023-07-24-7 - tvOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-7

Apple Security Advisory 2023-07-24-7 - tvOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-7

Apple Security Advisory 2023-07-24-7 - tvOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-7

Apple Security Advisory 2023-07-24-7 - tvOS 16.6 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-4

Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-4

Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-4

Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-4

Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-4

Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-4

Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-4

Apple Security Advisory 2023-07-24-4 - macOS Ventura 13.5 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 2023-07-24-1

Apple Security Advisory 2023-07-24-1 - Safari 16.6 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 2023-07-24-1

Apple Security Advisory 2023-07-24-1 - Safari 16.6 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 2023-07-24-1

Apple Security Advisory 2023-07-24-1 - Safari 16.6 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 2023-07-24-1

Apple Security Advisory 2023-07-24-1 - Safari 16.6 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 2023-07-24-1

Apple Security Advisory 2023-07-24-1 - Safari 16.6 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 2023-07-24-1

Apple Security Advisory 2023-07-24-1 - Safari 16.6 addresses bypass and code execution vulnerabilities.

Apple Security Advisory 2023-07-24-1

Apple Security Advisory 2023-07-24-1 - Safari 16.6 addresses bypass and code execution vulnerabilities.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution