Home / mailingsPDF  

[SECURITY] [DSA 5762-1] webkit2gtk security update

Posted on 30 August 2024
Debian Security Advisory

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5762-1 security@debian.org
https://www.debian.org/security/ Alberto Garcia
August 30, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : webkit2gtk
CVE ID : CVE-2024-4558 CVE-2024-40776 CVE-2024-40779 CVE-2024-40780
CVE-2024-40782 CVE-2024-40785 CVE-2024-40789 CVE-2024-40794

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2024-4558

An anonymous researcher discovered that processing maliciously
crafted web content may lead to an unexpected process crash.

CVE-2024-40776

Huang Xilin discovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2024-40779

Huang Xilin discovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2024-40780

Huang Xilin dicovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2024-40782

Maksymilian Motyl discovered that processing maliciously crafted
web content may lead to an unexpected process crash.

CVE-2024-40785

Johan Carlsson discovered that processing maliciously crafted web
content may lead to a cross site scripting attack.

CVE-2024-40789

Seunghyun Lee discovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2024-40794

Matthew Butler discovered that private Browsing tabs may be
accessed without authentication.

For the stable distribution (bookworm), these problems have been fixed in
version 2.44.3-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

 

TOP

Mailings :

Exploits :