Debian Linux Security Advisory 5308-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. Maddie Stone discovered that processing maliciously crafted web content may lead to arbitrary code execution. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Multiple other issues were also addressed.
14928aa1c41eb7f7fba504e112497c87923df5cb9caf334ac3fa7072e2ab78aa-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5308-1 security@debian.org
https://www.debian.org/security/ Alberto Garcia
December 31, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2022-42852 CVE-2022-42856 CVE-2022-42867 CVE-2022-46692
CVE-2022-46698 CVE-2022-46699 CVE-2022-46700
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2022-42852
hazbinhotel discovered that processing maliciously crafted web
content may result in the disclosure of process memory.
CVE-2022-42856
Clement Lecigne discovered that processing maliciously crafted web
content may lead to arbitrary code execution.
CVE-2022-42867
Maddie Stone discovered that processing maliciously crafted web
content may lead to arbitrary code execution.
CVE-2022-46692
KirtiKumar Anandrao Ramchandani discovered that processing
maliciously crafted web content may bypass Same Origin Policy.
CVE-2022-46698
Dohyun Lee and Ryan Shin discovered that processing maliciously
crafted web content may disclose sensitive user information.
CVE-2022-46699
Samuel Gross discovered that processing maliciously crafted web
content may lead to arbitrary code execution.
CVE-2022-46700
Samuel Gross discovered that processing maliciously crafted web
content may lead to arbitrary code execution.
For the stable distribution (bullseye), these problems have been fixed in
version 2.38.3-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmOvgQAACgkQAAyEYu0C
2AJQTw/6Ahzd4VSPxKke5OlXL0Y8DuzGL6tX8syekKBYUKo2SXoZLy7d+usaSS1N
85Nfbzk/EvUmFr1zsy8SWVwpTZ0d+kIaIONGHXgLZsF89jFlXMcOav3KCfaliVvd
VpOtyrE1GuLpnu2718uqI0q5QsprIJAAXuAQCTa4uYr0bnliVKvI7evNIIayooIJ
8FY5Hrf13F2UXMvdU3qdpDAYoHGidO81d5yR4bijnP+PyDCTT2MWX5gOaKuUkwa0
miM4QJBzARI/ys5+jHJ+YrFaGi8I/c7/DxzAwjy0CbTe6zDrqwfisLTUc6m7h41O
UOvJVY7EWaidIldtW8iZilfK82IhX66fcEhTYuM7JfcKoDKMRzegP5vtCT7PxW0C
gpxuW24ppbEIrXoTSKbHD+1w0QoitwCnJ11aj68TlaLHaeqkt5y5lGgR/Ozbfh3k
ABLALtsjqv28ao8iXUcOlACeVrCYOMaNBB9wtKAiIB88xDvCAX7bWAMdiCa+RXL7
iEoERbREZX9GJEdiVxdCFPbbN3jPWqYdvjEFlpmB1crEpAMPTNriFWChLdcGLjz6
QBgK5Oz2EbExajQ2msCGomK2mWLwhMuHqd7M7b44VOoPqGqrdp6u9iVEa5y7+NAi
qG+oeME8Togvm9xWS2hxu11M9sXyAYENHwLazAhg7sihTjXUa28=1oK1
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed