Debian alert DLA-3864-1 (webkit2gtk)
| From: | Emilio Pozuelo Monfort <pochu@debian.org> | |
| To: | <debian-lts-announce@lists.debian.org> | |
| Subject: | [SECURITY] [DLA 3864-1] webkit2gtk security update | |
| Date: | Mon, 02 Sep 2024 22:49:47 +0200 | |
| Message-ID: | <20240902204947.D9A912A73E4@andromeda> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3864-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 02, 2024 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : webkit2gtk Version : 2.44.3-1~deb11u1 CVE ID : CVE-2024-4558 CVE-2024-40776 CVE-2024-40779 CVE-2024-40780 CVE-2024-40782 CVE-2024-40785 CVE-2024-40789 CVE-2024-40794 The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2024-4558 An anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected process crash. CVE-2024-40776 Huang Xilin discovered that processing maliciously crafted web content may lead to an unexpected process crash. CVE-2024-40779 Huang Xilin discovered that processing maliciously crafted web content may lead to an unexpected process crash. CVE-2024-40780 Huang Xilin dicovered that processing maliciously crafted web content may lead to an unexpected process crash. CVE-2024-40782 Maksymilian Motyl discovered that processing maliciously crafted web content may lead to an unexpected process crash. CVE-2024-40785 Johan Carlsson discovered that processing maliciously crafted web content may lead to a cross site scripting attack. CVE-2024-40789 Seunghyun Lee discovered that processing maliciously crafted web content may lead to an unexpected process crash. CVE-2024-40794 Matthew Butler discovered that private Browsing tabs may be accessed without authentication. For Debian 11 bullseye, these problems have been fixed in version 2.44.3-1~deb11u1. We recommend that you upgrade your webkit2gtk packages. For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmbWJOkACgkQnUbEiOQ2 gwLDwBAAioDVdT5GsjJxq5QRZCP1LhSFD8ICBN/pelHKX2nnbAOq8YT/GZTbUnLB kiJGnAn3f/B1Z+brYrnX00ZMd0XbNlbiNxcrS3i7TvZj5jmQCkEh7ld5HlHrsGoz a0dhnWl+4lCYSGEPu2tG0qTLEKqkM5VH26JZA3wffl7Xl/xhVwGNAur0tTFivApI 8TR00wuBNMFqsLPcgKla1FSrEy+IvXbQc+uixeuPpx74EVIdOAyW3960/ynAbaMw RUePHNJQsoq29ZJxbj57GO94cad/awMh2BsX/xL/DKuLAP1o6Tp+qBu1Msml158B Zj1vtnQWrim0j18dIs3vaDKAob0zWMMDajT9ovUqEROoAEtluyXCTLBS6of+HrFW 8dEQ+d+0NIww2KQartofMi3c+SURtaPO0QUrMJWdZkPvPycTPk+FBxFKYhRwVR1k oEtEpvqwJ2g76SWmzFWzGQxkTbrg5mrS7Y4XC+CJI6wZ0qBgzb0YONlaSmD0qc+Q 8tXkaUkmROa+aPArkLVCN8LB63nKYv/a3ZqedSgncakOUmC+h5jvkYsXKaPUImQN C2vHvMK0Z3Fb98XzrMIFJIQNS6UW41CmEAxHM9dMQU88P0z5IswLwnwdOIb9j7O1 2j0lsfFlagspbhW4e9oG4EzqvT99uorTrjo+MijB2rDTup25Xhw= =e5Jm -----END PGP SIGNATURE-----