{"id":56720,"date":"2024-05-09T20:30:03","date_gmt":"2024-05-09T16:30:03","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/178516\/dsa-5684-1.txt"},"modified":"2024-05-09T20:30:03","modified_gmt":"2024-05-09T16:30:03","slug":"debian-security-advisory-5684-1","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/debian-security-advisory-5684-1\/","title":{"rendered":"Debian Security Advisory 5684-1"},"content":{"rendered":"

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512<\/p>\n

– ————————————————————————-
Debian Security Advisory DSA-5684-1 security@debian.org
https:\/\/www.debian.org\/security\/ Alberto Garcia
May 09, 2024 https:\/\/www.debian.org\/security\/faq
– ————————————————————————-<\/p>\n

Package : webkit2gtk
CVE ID : CVE-2023-42843 CVE-2023-42950 CVE-2023-42956 CVE-2024-23252
CVE-2024-23254 CVE-2024-23263 CVE-2024-23280 CVE-2024-23284<\/p>\n

The following vulnerabilities have been discovered in the WebKitGTK
web engine:<\/p>\n

CVE-2023-42843<\/p>\n

Kacper Kwapisz discovered that visiting a malicious website may
lead to address bar spoofing.<\/p>\n

CVE-2023-42950<\/p>\n

Nan Wang and Rushikesh Nandedkar discovered that processing
maliciously crafted web content may lead to arbitrary code
execution.<\/p>\n

CVE-2023-42956<\/p>\n

SungKwon Lee discovered that processing web content may lead to a
denial-of-service.<\/p>\n

CVE-2024-23252<\/p>\n

anbu1024 discovered that processing web content may lead to a
denial-of-service.<\/p>\n

CVE-2024-23254<\/p>\n

James Lee discovered that a malicious website may exfiltrate audio
data cross-origin.<\/p>\n

CVE-2024-23263<\/p>\n

Johan Carlsson discovered that processing maliciously crafted web
content may prevent Content Security Policy from being enforced.<\/p>\n

CVE-2024-23280<\/p>\n

An anonymous researcher discovered that a maliciously crafted
webpage may be able to fingerprint the user.<\/p>\n

CVE-2024-23284<\/p>\n

Georg Felber and Marco Squarcina discovered that processing
maliciously crafted web content may prevent Content Security
Policy from being enforced.<\/p>\n

For the oldstable distribution (bullseye), these problems have been fixed
in version 2.44.1-1~deb11u1.<\/p>\n

For the stable distribution (bookworm), these problems have been fixed in
version 2.44.1-1~deb12u1.<\/p>\n

We recommend that you upgrade your webkit2gtk packages.<\/p>\n

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https:\/\/security-tracker.debian.org\/tracker\/webkit2gtk<\/p>\n

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https:\/\/www.debian.org\/security\/<\/p>\n

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–<\/p>\n

iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmY8e60ACgkQAAyEYu0C
2ALK\/g\/7BzT5OfeZ1\/2nK7TVdiyOjPuQgoZBqIV1LAmUBy5gHvKjOtrujqI9pVaU
DZtGhgfRwu2AZjAvR1A5gCNTwWyGhvFrLN23\/BaloxcveYr6iY6HuYFymlQp24fM
o35x8DQJySgO3cGmNR1GwwLatr3dVrHh+Kot1J449G4mqlQxH4UQ8ytWOSfpWLdZ
3ndArvVrO35eBUgPbUEooPHITSlusZQPbaVJkmU69zbpW1z220sQldSmObWHbAGG
41NHl74LMqe64tI5EfrgSwdY7L+FEby\/M0JlO37e1Hut0WpQckHuNgrlq6IO20Ed
h80kmkN91TDCihQ1vovZaTbg9bCYcSYCWBxPGomip1v8EL1AybO8c7pEI\/v\/lcVO
x4Ya6++JrJ1994U5esZB7VC0ucEUOc0SqwARyHv6NMmkKxxIPv2YdqPFE196x2Ns
1rTM6dMriuCaKLOb2WUtOawLKPnBNQ0dRS1JLcNDA1Dy9zbDDB6ev8idKnixRMbv
EOyZjBm8RTBK7dGw0BlTdHAoCZvczQJvinAJptvL+771qwcwq7SaL+6L1Ht1MGcN
WS+wrb+DzpSvfprtv5Qvs0NEpmGISwbK3T\/XOEnyyKMQdhemNtpvjWvF+0WNBf\/d
3nPAa5F9ZxJJMEuJFjAmm\/HiK3R6Uko899yBtNbDkJbbA+vQlM8=MdSz
—–END PGP SIGNATURE—–<\/p>\n","protected":false},"excerpt":{"rendered":"

—–BEGIN PGP SIGNED MESSAGE—–Hash: SHA512 – ————————————————————————-Debian Security Advisory DSA-5684-1 security@debian.orghttps:\/\/www.debian.org\/security\/ Alberto GarciaMay 09, 2024 https:\/\/www.debian.org\/security\/faq– ————————————————————————- Package : webkit2gtkCVE ID : CVE-2023-42843 CVE-2023-42950 CVE-2023-42956 CVE-2024-23252CVE-2024-23254 CVE-2024-23263 CVE-2024-23280 CVE-2024-23284 The following vulnerabilities have been discovered in the WebKitGTKweb engine: CVE-2023-42843 Kacper Kwapisz discovered that visiting a malicious website maylead to address bar spoofing. CVE-2023-42950 Nan …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-56720","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56720","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56720"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56720\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56720"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56720"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=56720"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}