Debian alert DLA-3982-1 (webkit2gtk)
From: Emilio Pozuelo Monfort <pochu@debian.org>
To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3982-1] webkit2gtk security update
Date: Tue, 03 Dec 2024 09:32:25 +0100
Message-ID: <20241203083225.4D1382A0437@andromeda>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3982-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
December 03, 2024                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : webkit2gtk
Version        : 2.46.4-1~deb11u1
CVE ID         : CVE-2024-44308 CVE-2024-44309

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2024-44308

    Clement Lecigne and Benoit Sevens discovered that processing
    maliciously crafted web content may lead to arbitrary code
    execution. Apple is aware of a report that this issue may have
    been actively exploited on Intel-based Mac systems.

CVE-2024-44309

    Clement Lecigne and Benoit Sevens discovered that processing
    maliciously crafted web content may lead to a cross site scripting
    attack. Apple is aware of a report that this issue may have been
    actively exploited on Intel-based Mac systems.

For Debian 11 bullseye, these problems have been fixed in version
2.46.4-1~deb11u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
