
Debian alert DLA-3961-1 (webkit2gtk)

From:  Emilio Pozuelo Monfort <pochu@debian.org>
To:  <debian-lts-announce@lists.debian.org>
Subject:  [SECURITY] [DLA 3961-1] webkit2gtk security update
Date:  Fri, 22 Nov 2024 11:28:15 +0100
Message-ID:  <20241122102815.C9C952AFF75@andromeda>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3961-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
November 22, 2024                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : webkit2gtk
Version        : 2.46.3-1~deb11u2
CVE ID         : CVE-2024-40866 CVE-2024-44185 CVE-2024-44187 CVE-2024-44244
                 CVE-2024-44296

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2024-40866

    Hafiizh and YoKo Kho discovered that visiting a malicious website
    may lead to address bar spoofing.

CVE-2024-44185

    Gary Kwong discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

CVE-2024-44187

    Narendra Bhati discovered that a malicious website may exfiltrate
    data cross-origin.

CVE-2024-44244

    An anonymous researcher, Q1IQ (@q1iqF) and P1umer discovered that
    processing maliciously crafted web content may lead to an
    unexpected process crash.

CVE-2024-44296

    Narendra Bhati discovered that processing maliciously crafted web
    content may prevent Content Security Policy from being enforced.

For Debian 11 bullseye, these problems have been fixed in version
2.46.3-1~deb11u2.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

