Debian Linux Security Advisory 5527-1 - Marcin Noga discovered that a specially crafted web page can abuse a vulnerability in the MediaRecorder API to cause memory corruption and potentially arbitrary code execution. Junsung Lee and Me Li discovered that processing web content may lead to arbitrary code execution. Bill Marczak and Maddie Stone discovered that processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
d62707100da90e7c8560c32373576a042f7f047cdbc704242f9e1e1c250d8e49-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5527-1 security@debian.org
https://www.debian.org/security/ Alberto Garcia
October 12, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2023-39928 CVE-2023-41074 CVE-2023-41993
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2023-39928
Marcin Noga discovered that a specially crafted web page can abuse
a vulnerability in the MediaRecorder API to cause memory
corruption and potentially arbitrary code execution.
CVE-2023-41074
Junsung Lee and Me Li discovered that processing web content may
lead to arbitrary code execution.
CVE-2023-41993
Bill Marczak and Maddie Stone discovered that processing web
content may lead to arbitrary code execution. Apple is aware of a
report that this issue may have been actively exploited.
For the oldstable distribution (bullseye), these problems have been fixed
in version 2.42.1-1~deb11u1.
For the stable distribution (bookworm), these problems have been fixed in
version 2.42.1-1~deb12u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmUoSJAACgkQAAyEYu0C
2AI3Xg//YRhE5mSszGaNvp7i/2KXs4xBSP4k8mJ+EG2SDOKxIeiu2HU5PhGmhrSp
PmJE3xFU5R2mov03nwu0yPKve6iijgYdh1evPBgSdexLJjJciasu5GtIl+MAmrq1
r7qVro8GabC4Ul4ALRp7k3qxFR2+wPD1jfFlKHavxpc8gSmfBLlLoOwfsNhmXXz5
eI87n7tbp35/nDv1m/VU/BkQh1LWqGQlO7sU25I/y2Vz/5SMyYuwjquSIVOkxVYm
UM2QntYVuRO+sooZHSDzjBpB4Wn99jWAPq7jYwec7tmATKE/Yea3rQQ7b5b6rk+t
Pp+TDsjx17uL3c656rGrf5vy0F4udxgCtRvEXCpf2Dn2DLKV3xudKwn99cwj2Vco
4fKZLjtbpLUqCtbcGZ3OhSHNatbXW6lvdAlb/vQI/N5TDwVHQlRygUSVGumiO6T9
eNCVc/IEUeyD7hfpcUglMNXroxaFelViAfjadj5NrOsbS0eRgfzhSAFY0MwE7quC
0j1RgfNgM6RmkWEyWzLjHcmDr+eX2SFDRAcb+re6EoAAzuIY22Db+SlXgTiVBIPv
bIu++eOnIo92uUKjFaKCXF6NGEBRhkYx5MpdRXGw0ehVuZ4ueWvuZAcFC5z5GSMN
o36hFYQ/p8K06OFuBKzP9ce76BXsGWIBQiDz1mbP69E4jwBT3b4=oxcS
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed