exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 5309-1

Debian Security Advisory 5309-1
Posted Jan 2, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5309-1 - Vulnerabilities have been discovered in the WPE WebKit web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Dohyun Lee and Ryan Shin discovered that processing maliciously crafted web content may disclose sensitive user information. Various other issues have also been addressed.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2022-42852, CVE-2022-42856, CVE-2022-42867, CVE-2022-46692, CVE-2022-46698, CVE-2022-46699, CVE-2022-46700
SHA-256 | b6a4ddff8422c104447a74d4cd2afa4b8991b2e496ca694ad77acf12e52cc9e6

Debian Security Advisory 5309-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5309-1 security@debian.org
https://www.debian.org/security/ Alberto Garcia
December 31, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : wpewebkit
CVE ID : CVE-2022-42852 CVE-2022-42856 CVE-2022-42867 CVE-2022-46692
CVE-2022-46698 CVE-2022-46699 CVE-2022-46700

The following vulnerabilities have been discovered in the WPE WebKit
web engine:

CVE-2022-42852

hazbinhotel discovered that processing maliciously crafted web
content may result in the disclosure of process memory.

CVE-2022-42856

Clement Lecigne discovered that processing maliciously crafted web
content may lead to arbitrary code execution.

CVE-2022-42867

Maddie Stone discovered that processing maliciously crafted web
content may lead to arbitrary code execution.

CVE-2022-46692

KirtiKumar Anandrao Ramchandani discovered that processing
maliciously crafted web content may bypass Same Origin Policy.

CVE-2022-46698

Dohyun Lee and Ryan Shin discovered that processing maliciously
crafted web content may disclose sensitive user information.

CVE-2022-46699

Samuel Gross discovered that processing maliciously crafted web
content may lead to arbitrary code execution.

CVE-2022-46700

Samuel Gross discovered that processing maliciously crafted web
content may lead to arbitrary code execution.

For the stable distribution (bullseye), these problems have been fixed in
version 2.38.3-1~deb11u1.

We recommend that you upgrade your wpewebkit packages.

For the detailed security status of wpewebkit please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wpewebkit

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmOvgR0ACgkQAAyEYu0C
2AJ1whAAlHxhqKrBKVR6sCPX5DFL7UGiVkIX85tUdD4ABpECeSRWFnwgx7im1g0d
JP8f/b4x9hmRZpTHnD/UCuUtPaVrLQbkhyCXnk71oe1EzQGtiFSNGpeFX8JEH/w+
h+3ITIg+ccJM5uHNpC0METgWMDOUTQpfDMq0BPsWkqcRrFa0lt10Geb0o+dYAzQ9
YKuULrcNl/aelSzowPIV9AUqHJvwTfh0EQOf99JVJlVcXXVls7NbjjZHhGoLNCHd
cRLjkB/iUFWVUqq42O4PRj3v7Lb9CWBM0OUFNUpjWdGVaXQD6kBDkGfz+4afnU1Q
+vqg8cU7a3mFhZ5c8mn1zeynR+/5D+IfZTbMFfLQoe8T5cEOjUCFOAMgM0VC+sDs
1bI5RQDeFF4LzXROcDeW5QCsvefeqhIfkRc9pcJcktM1jDLCTFSRp6/ReQ6QfrZB
Vs3x2PBEoECknq9xUaL9USQEoy7EXpEXcIdWo/CuSgNpotKu2pkorFXAogYfTYpT
YqCwVnviQqKExE6r7mE7ixPY2YEzmsBxVIT7amv4VCbf1NuU2WfWdpLOQ/9liits
hN9xNJCzo/ZWj9/j9Gm0YHKhABBjfbUrzSD52HxqpPQaij3ZxEERh2XDogyCKg+6
D7ZFmgvzL9dS1Uq0wOuys0tDRrbAQg76TrrYHj0DdMswURuOUgY=equ6
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close