Debian alert DSA-5823-1 (webkit2gtk)
| From: | Alberto Garcia <berto@debian.org> | |
| To: | debian-security-announce@lists.debian.org | |
| Subject: | [SECURITY] [DSA 5823-1] webkit2gtk security update | |
| Date: | Mon, 02 Dec 2024 22:59:17 +0000 | |
| Message-ID: | <Z047xVqMxg4zcBKG@seger.debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5823-1 security@debian.org https://www.debian.org/security/ Alberto Garcia December 02, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : webkit2gtk CVE ID : CVE-2024-44308 CVE-2024-44309 The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2024-44308 Clement Lecigne and Benoit Sevens discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. CVE-2024-44309 Clement Lecigne and Benoit Sevens discovered that processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. For the stable distribution (bookworm), these problems have been fixed in version 2.46.4-1~deb12u1. We recommend that you upgrade your webkit2gtk packages. For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmdOKWgACgkQAAyEYu0C 2AKrzQ/+MLk4EQ2c7zkYM1BU8PzgI1oNGvvl6VTcM696OWCvnj+hzyFLFsrwtwoc GeZ+Enz6VKBvtsXxTDgXLXw9NbFfFiVX2LnlIOzPcqfBXg9RTs70WwSM4CGUHTBs nPK1yixyYjCOy4MrlaCKrHttlrxqvK7VJeY0RypTfAkJlhzmHHdSpCfYAlJXtpFb dbGtP7pSxBnguTWq+oJFTG2wjyXjLcfd81QgcpOgINtnyn4hQaVVJOHr/H9+xoV5 Rz6iGRS+MpmXyqc2kw2alEfY8UxfaP8K9X2u0A/YV8t+N6GKBLUNOo+XlFIFFb/J vbPbXRqaKCQzW0sIZ5um4Q9aBLX3JUiZIuz6+4lb5NTBbhnpjkG+EBGaoqG3OodY bZ9qmFZpXUYE/vSUzAcRWNsD6jWFV89Exu1BivAZdJ7J7tYzvs/2szHsATMkNjZo Twb6LH7PBd90hU6PETbuknrBgYd5dbdXXKn+v3SH9HXLMLd5S+xobEOMtGjG2zsd Z46JPP1FNqPDY+rHhWCDyVcvRnXx0WhY7PrGV/rjJ89M9xVYVZc136Bx8xrrULmo ZiAFBnz5VZRdeF/ma/inzsb8vXDCPX+0ruxtHdISiJf3Shjqft2mdfcR5mwPazab 9GD3rCMl42A0Tftjg7b4f5J1x3ufy+kvfs+fEQ0jXYIuvoh7kF4= =v253 -----END PGP SIGNATURE-----