Debian Linux Security Advisory 5762-1 - The WebKitGTK web engine suffers from multiple vulnerabilities. An anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected process crash. Huang Xilin discovered that processing maliciously crafted web content may lead to an unexpected process crash. Huang Xilin discovered that processing maliciously crafted web content may lead to an unexpected process crash. More issues are listed in this advisory.
84334a31b07991491b6bf97b8a6dd18f35a882dd2e58fa59b968cb5797f2b082-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5762-1 security@debian.org
https://www.debian.org/security/ Alberto Garcia
August 30, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2024-4558 CVE-2024-40776 CVE-2024-40779 CVE-2024-40780
CVE-2024-40782 CVE-2024-40785 CVE-2024-40789 CVE-2024-40794
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2024-4558
An anonymous researcher discovered that processing maliciously
crafted web content may lead to an unexpected process crash.
CVE-2024-40776
Huang Xilin discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40779
Huang Xilin discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40780
Huang Xilin dicovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40782
Maksymilian Motyl discovered that processing maliciously crafted
web content may lead to an unexpected process crash.
CVE-2024-40785
Johan Carlsson discovered that processing maliciously crafted web
content may lead to a cross site scripting attack.
CVE-2024-40789
Seunghyun Lee discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40794
Matthew Butler discovered that private Browsing tabs may be
accessed without authentication.
For the stable distribution (bookworm), these problems have been fixed in
version 2.44.3-1~deb12u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmbR5W8ACgkQAAyEYu0C
2ALznQ//bOsY+Xe6T18/q0zsHnyvCV/jxwfjrCUF+OVlulP5LJlrD6uQBdqMr5Jk
9cRcS+qxc/lnqOGU12+MSc2tfvn9XSl5dqZFTHxCH4ztWDjNBzxKrHk82RIkAQ9p
UVzrslRIVrZKlqbeBOCIlJSzc6GEJi5Msxy/4lnSbQ380WGfWQ26mplmgnLQgOL1
OIInHO8VAonPU2I4v4G+BZA1lEKOsoJqXxdg8hsgyBiP4CDcxrpeN6SrPMARUObX
CAsj+jsm4v8Bj7Wd8KvV4W3H137YmyrjPghWQwgmvyf+rvR1JjDwcXBTuAPv4HTC
FQAFbVLoeQSLSpMO3b2oQ0s9f8o93/gbc4n7WyTYac/6IzxT/oH9uKwQABzWBg6C
qcUBgJ1Z7rx9/PgQjWeT7uZdJkT7o7Eux2wtzud82jTM5goOCCqpZo93D35txiIu
sRMoCaszdH65TJxLjPrJFargLw7x2kN0RJUAK167tnEsX56TWIGF+K7BQAr1YpS1
mf3+2VC632yp5MXoejBsGDE4bH1OlgKF8xEs13V2LTb3w1ursC046LcOHLURIwX1
+Cw49Pe6A0nhyv5raUaBzGvV9DbptTM+in8nCI4YXKlcQA87MjOORdVUnW1HWzZe
PiRFGBay5dgSJW9ebTwVJQxNd2QKWZrLRDOLDhJuucxIZf+Fsb8=
=SAKx
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed