Headline
Debian Security Advisory 5823-1
Debian Linux Security Advisory 5823-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. Clement Lecigne and Benoit Sevens discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. Clement Lecigne and Benoit Sevens discovered that processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Debian Security Advisory DSA-5823-1 [email protected]
https://www.debian.org/security/ Alberto Garcia
December 02, 2024 https://www.debian.org/security/faq
Package : webkit2gtk
CVE ID : CVE-2024-44308 CVE-2024-44309
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2024-44308
Clement Lecigne and Benoit Sevens discovered that processing
maliciously crafted web content may lead to arbitrary code
execution. Apple is aware of a report that this issue may have
been actively exploited on Intel-based Mac systems.
CVE-2024-44309
Clement Lecigne and Benoit Sevens discovered that processing
maliciously crafted web content may lead to a cross site scripting
attack. Apple is aware of a report that this issue may have been
actively exploited on Intel-based Mac systems.
For the stable distribution (bookworm), these problems have been fixed in
version 2.46.4-1~deb12u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmdOKWgACgkQAAyEYu0C
2AKrzQ/+MLk4EQ2c7zkYM1BU8PzgI1oNGvvl6VTcM696OWCvnj+hzyFLFsrwtwoc
GeZ+Enz6VKBvtsXxTDgXLXw9NbFfFiVX2LnlIOzPcqfBXg9RTs70WwSM4CGUHTBs
nPK1yixyYjCOy4MrlaCKrHttlrxqvK7VJeY0RypTfAkJlhzmHHdSpCfYAlJXtpFb
dbGtP7pSxBnguTWq+oJFTG2wjyXjLcfd81QgcpOgINtnyn4hQaVVJOHr/H9+xoV5
Rz6iGRS+MpmXyqc2kw2alEfY8UxfaP8K9X2u0A/YV8t+N6GKBLUNOo+XlFIFFb/J
vbPbXRqaKCQzW0sIZ5um4Q9aBLX3JUiZIuz6+4lb5NTBbhnpjkG+EBGaoqG3OodY
bZ9qmFZpXUYE/vSUzAcRWNsD6jWFV89Exu1BivAZdJ7J7tYzvs/2szHsATMkNjZo
Twb6LH7PBd90hU6PETbuknrBgYd5dbdXXKn+v3SH9HXLMLd5S+xobEOMtGjG2zsd
Z46JPP1FNqPDY+rHhWCDyVcvRnXx0WhY7PrGV/rjJ89M9xVYVZc136Bx8xrrULmo
ZiAFBnz5VZRdeF/ma/inzsb8vXDCPX+0ruxtHdISiJf3Shjqft2mdfcR5mwPazab
9GD3rCMl42A0Tftjg7b4f5J1x3ufy+kvfs+fEQ0jXYIuvoh7kF4=
=v253
-----END PGP SIGNATURE-----
Related news
Red Hat Security Advisory 2024-10492-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2024-10483-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2024-10472-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.
Apple Security Advisory 11-19-2024-5 - macOS Sequoia 15.1.1 addresses code execution vulnerabilities.
Apple Security Advisory 11-19-2024-5 - macOS Sequoia 15.1.1 addresses code execution vulnerabilities.
Apple Security Advisory 11-19-2024-4 - iOS 17.7.2 and iPadOS 17.7.2 addresses code execution vulnerabilities.
Apple Security Advisory 11-19-2024-4 - iOS 17.7.2 and iPadOS 17.7.2 addresses code execution vulnerabilities.
Apple Security Advisory 11-19-2024-3 - iOS 18.1.1 and iPadOS 18.1.1 addresses code execution vulnerabilities.
Apple Security Advisory 11-19-2024-3 - iOS 18.1.1 and iPadOS 18.1.1 addresses code execution vulnerabilities.
Though the information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309.
Though the information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309.
Apple has released security updates that look especially important for Intel-based Macs because they are already being exploited in the wild.
Apple has released security updates that look especially important for Intel-based Macs because they are already being exploited in the wild.