Debian Security Advisory 5580-1
Debian Linux Security Advisory 5580-1 - The Zoom Offensive Security Team discovered that processing an SVG image may lead to a denial-of-service.
Debian Security Advisory DSA-5580-1                      [email protected]
https://www.debian.org/security/                           Alberto Garcia
December 18, 2023                     https://www.debian.org/security/faq
Package : webkit2gtk
CVE ID : CVE-2023-42883
The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2023-42883

    The Zoom Offensive Security Team discovered that processing an SVG
    image may lead to a denial-of-service.

For the oldstable distribution (bullseye), this problem has been fixed
in version 2.42.4-1~deb11u1.

For the stable distribution (bookworm), this problem has been fixed in
version 2.42.4-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
Related news
Ubuntu Security Notice 6582-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Apple Security Advisory 12-11-2023-8 - watchOS 10.2 addresses code execution and out of bounds read vulnerabilities.
Apple Security Advisory 12-11-2023-7 - tvOS 17.2 addresses code execution and out of bounds read vulnerabilities.
Apple Security Advisory 12-11-2023-4 - macOS Sonoma 14.2 addresses code execution, out of bounds read, and spoofing vulnerabilities.
Apple Security Advisory 12-11-2023-3 - iOS 16.7.3 and iPadOS 16.7.3 addresses code execution and out of bounds read vulnerabilities.
Apple Security Advisory 12-11-2023-2 - iOS 17.2 and iPadOS 17.2 addresses code execution and spoofing vulnerabilities.
Apple Security Advisory 12-11-2023-1 - Safari 17.2 addresses code execution vulnerabilities.
Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices. This includes updates for 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2. An app may be able to access sensitive user data.