[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3308-1] webkit2gtk security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3308-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
February 06, 2023                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : webkit2gtk
Version        : 2.38.4-2~deb10u1
CVE ID         : CVE-2022-42826 CVE-2023-23517 CVE-2023-23518

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2022-42826

    Francisco Alonso discovered that processing maliciously crafted
    web content may lead to arbitrary code execution.

CVE-2023-23517

    YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae
    and Dohyun Lee discovered that processing maliciously crafted web
    content may lead to arbitrary code execution.

CVE-2023-23518

    YeongHyeon Choi, Hyeon Park, SeOk JEON, YoungSung Ahn, JunSeo Bae
    and Dohyun Lee discovered that processing maliciously crafted web
    content may lead to arbitrary code execution.

For Debian 10 buster, these problems have been fixed in version
2.38.4-2~deb10u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmPhTxMACgkQnUbEiOQ2
gwI2Mg//ZE468RWrjXLmPd2bMRvolaxngl8obIAFpmHcPFv9YoLzt/ZSc5oJ3DUe
Z0IMVe1Jopd+9nMAEIZL25SKNkJ8Z3Fz2mwbfws8zkMmiybLeNSJBrgnz26ONH2e
JX9CMdxfzrfN0Si5ZQ3AmxtMv8roG67fU8t+v9pwrABVpexk//xffMFbrsaVWsns
zhd12DE6PgbBc0BOMgaZp1VLbpIocU8Cygl4/cU0wuv7gteGT/Q1fSqBJKqmRmLk
/8Vbhft/DTP3eB+CXTJ54iwk0iUPXURbceiT4M7KZK6IKPq5/uXrrfEadxe2jLPs
2zPBiKwPdCaR62JNR8COY4aEyW3l3QIHYL+EpXPDDYIqDPr1OIfm8LRAb+SpK/KA
xwj5QnewrbYF2u5D7tuN16DJn6RgYO8vrB4Wpud1u1+hfOekoBhyzJuTf05bVdU8
q21b2Y3ZF7KKwc4+FN/zSpdPgHHA/HR2xsV+gTmiMpSqq35ZP+it+3RIIq2/g4V7
sDF4k3e3wb3AmpLmBk7rsQ7vAapeREoZuz2eH1eGjCrYeJzDQ25pKEqguyBh0Mdk
RSWPGmS30y6n6TQkMR2DPyH9d0uxsLqpHd8+SROs783DqlUdVXmQtC6MvRKwIgrG
8dgqBybngOJCE7m6RTu8vVm7dlvoAl4zZcFPdBHa3heEAf2FSmY=
=ivri
-----END PGP SIGNATURE-----


Reply to: