Headline
Debian Security Advisory 5762-1
Debian Linux Security Advisory 5762-1 - The WebKitGTK web engine suffers from multiple vulnerabilities. An anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected process crash. Huang Xilin discovered that processing maliciously crafted web content may lead to an unexpected process crash. Huang Xilin discovered that processing maliciously crafted web content may lead to an unexpected process crash. More issues are listed in this advisory.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Debian Security Advisory DSA-5762-1 [email protected]
https://www.debian.org/security/ Alberto Garcia
August 30, 2024 https://www.debian.org/security/faq
Package : webkit2gtk
CVE ID : CVE-2024-4558 CVE-2024-40776 CVE-2024-40779 CVE-2024-40780
CVE-2024-40782 CVE-2024-40785 CVE-2024-40789 CVE-2024-40794
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2024-4558
An anonymous researcher discovered that processing maliciously
crafted web content may lead to an unexpected process crash.
CVE-2024-40776
Huang Xilin discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40779
Huang Xilin discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40780
Huang Xilin dicovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40782
Maksymilian Motyl discovered that processing maliciously crafted
web content may lead to an unexpected process crash.
CVE-2024-40785
Johan Carlsson discovered that processing maliciously crafted web
content may lead to a cross site scripting attack.
CVE-2024-40789
Seunghyun Lee discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40794
Matthew Butler discovered that private Browsing tabs may be
accessed without authentication.
For the stable distribution (bookworm), these problems have been fixed in
version 2.44.3-1~deb12u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmbR5W8ACgkQAAyEYu0C
2ALznQ//bOsY+Xe6T18/q0zsHnyvCV/jxwfjrCUF+OVlulP5LJlrD6uQBdqMr5Jk
9cRcS+qxc/lnqOGU12+MSc2tfvn9XSl5dqZFTHxCH4ztWDjNBzxKrHk82RIkAQ9p
UVzrslRIVrZKlqbeBOCIlJSzc6GEJi5Msxy/4lnSbQ380WGfWQ26mplmgnLQgOL1
OIInHO8VAonPU2I4v4G+BZA1lEKOsoJqXxdg8hsgyBiP4CDcxrpeN6SrPMARUObX
CAsj+jsm4v8Bj7Wd8KvV4W3H137YmyrjPghWQwgmvyf+rvR1JjDwcXBTuAPv4HTC
FQAFbVLoeQSLSpMO3b2oQ0s9f8o93/gbc4n7WyTYac/6IzxT/oH9uKwQABzWBg6C
qcUBgJ1Z7rx9/PgQjWeT7uZdJkT7o7Eux2wtzud82jTM5goOCCqpZo93D35txiIu
sRMoCaszdH65TJxLjPrJFargLw7x2kN0RJUAK167tnEsX56TWIGF+K7BQAr1YpS1
mf3+2VC632yp5MXoejBsGDE4bH1OlgKF8xEs13V2LTb3w1ursC046LcOHLURIwX1
+Cw49Pe6A0nhyv5raUaBzGvV9DbptTM+in8nCI4YXKlcQA87MjOORdVUnW1HWzZe
PiRFGBay5dgSJW9ebTwVJQxNd2QKWZrLRDOLDhJuucxIZf+Fsb8=
=SAKx
-----END PGP SIGNATURE-----
Related news
Red Hat Security Advisory 2024-9679-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-9680-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-9653-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-8180-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-9 - visionOS 1.3 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-9 - visionOS 1.3 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-9 - visionOS 1.3 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-9 - visionOS 1.3 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-9 - visionOS 1.3 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-9 - visionOS 1.3 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-8 - tvOS 17.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-8 - tvOS 17.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-8 - tvOS 17.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-8 - tvOS 17.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-8 - tvOS 17.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-8 - tvOS 17.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-7 - watchOS 10.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-7 - watchOS 10.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-7 - watchOS 10.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-7 - watchOS 10.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-7 - watchOS 10.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 07-29-2024-7 - watchOS 10.6 addresses bypass, information leakage, integer overflow, out of bounds access, out of bounds read, and use-after-free vulnerabilities.
Debian Linux Security Advisory 5683-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.