Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianlists.debian.orgDEBIAN:DSA-5684-1:B9760
HistoryMay 09, 2024 - 7:57 a.m.

[SECURITY] [DSA 5684-1] webkit2gtk security update

2024-05-0907:57:13
lists.debian.org
9
address bar spoofing
arbitrary code execution
debian
vulnerabilities
denial-of-service
audio data exfiltration
content security policy
security update
webkit2gtk

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

41.7%

JSON

Debian Security Advisory DSA-5684-1 [email protected]
https://www.debian.org/security/ Alberto Garcia
May 09, 2024 https://www.debian.org/security/faq

Package : webkit2gtk
CVE ID : CVE-2023-42843 CVE-2023-42950 CVE-2023-42956 CVE-2024-23252
CVE-2024-23254 CVE-2024-23263 CVE-2024-23280 CVE-2024-23284

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2023-42843

Kacper Kwapisz discovered that visiting a malicious website may
lead to address bar spoofing.

CVE-2023-42950

Nan Wang and Rushikesh Nandedkar discovered that processing
maliciously crafted web content may lead to arbitrary code
execution.

CVE-2023-42956

SungKwon Lee discovered that processing web content may lead to a
denial-of-service.

CVE-2024-23252

anbu1024 discovered that processing web content may lead to a
denial-of-service.

CVE-2024-23254

James Lee discovered that a malicious website may exfiltrate audio
data cross-origin.

CVE-2024-23263

Johan Carlsson discovered that processing maliciously crafted web
content may prevent Content Security Policy from being enforced.

CVE-2024-23280

An anonymous researcher discovered that a maliciously crafted
webpage may be able to fingerprint the user.

CVE-2024-23284

Georg Felber and Marco Squarcina discovered that processing
maliciously crafted web content may prevent Content Security
Policy from being enforced.

For the oldstable distribution (bullseye), these problems have been fixed
in version 2.44.1-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 2.44.1-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11alllibjavascriptcoregtk-4.0-18< 2.44.1-1~deb11u1libjavascriptcoregtk-4.0-18_2.44.1-1~deb11u1_all.deb
Debian12alllibjavascriptcoregtk-4.0-bin< 2.44.1-1~deb12u1libjavascriptcoregtk-4.0-bin_2.44.1-1~deb12u1_all.deb
Debian12allgir1.2-javascriptcoregtk-4.1< 2.44.1-1~deb12u1gir1.2-javascriptcoregtk-4.1_2.44.1-1~deb12u1_all.deb
Debian12allgir1.2-javascriptcoregtk-6.0< 2.44.1-1~deb12u1gir1.2-javascriptcoregtk-6.0_2.44.1-1~deb12u1_all.deb
Debian12alllibjavascriptcoregtk-4.1-0< 2.44.1-1~deb12u1libjavascriptcoregtk-4.1-0_2.44.1-1~deb12u1_all.deb
Debian11alllibwebkit2gtk-4.0-dev< 2.44.1-1~deb11u1libwebkit2gtk-4.0-dev_2.44.1-1~deb11u1_all.deb
Debian12alllibwebkit2gtk-4.1-dev< 2.44.1-1~deb12u1libwebkit2gtk-4.1-dev_2.44.1-1~deb12u1_all.deb
Debian12alllibwebkit2gtk-4.0-37< 2.44.1-1~deb12u1libwebkit2gtk-4.0-37_2.44.1-1~deb12u1_all.deb
Debian12allwebkit2gtk-driver< 2.44.1-1~deb12u1webkit2gtk-driver_2.44.1-1~deb12u1_all.deb
Debian12allgir1.2-webkit2-4.1< 2.44.1-1~deb12u1gir1.2-webkit2-4.1_2.44.1-1~deb12u1_all.deb
Rows per page:
1-10 of 321

Related

openvas 16
nessus 23
ubuntu 1
osv 11
fedora 4
apple 16
amazon 5
gentoo 1
redhatcve 8
cvelist 8
ubuntucve 8
debiancve 8
vulnrichment 8
nvd 8
prion 6
cve 8
mageia 1
openvas
openvas
Fedora: Security Advisory (FEDORA-2024-a1246372a4)
2024-05-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:1293-1)
2024-05-07 00:00:00
Ubuntu: Security Advisory (USN-6732-1)
2024-04-16 00:00:00
nessus
nessus
SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2024:1293-1)
2024-04-16 00:00:00
Fedora 40 : webkit2gtk4.0 (2024-a1246372a4)
2024-05-07 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : webkit2gtk3 (SUSE-SU-2024:1270-1)
2024-04-13 00:00:00
ubuntu
ubuntu
WebKitGTK vulnerabilities
2024-04-15 00:00:00
osv
osv
webkit2gtk - security update
2024-05-09 00:00:00
webkit2gtk vulnerabilities
2024-04-15 16:29:45
Security update for webkit2gtk3
2024-06-07 15:04:40
fedora
fedora
[SECURITY] Fedora 40 Update: webkit2gtk4.0-2.44.1-1.fc40
2024-05-07 05:21:22
[SECURITY] Fedora 40 Update: webkitgtk-2.44.0-2.fc40
2024-03-26 00:15:47
[SECURITY] Fedora 39 Update: webkitgtk-2.44.0-2.fc39
2024-03-22 01:16:32
apple
apple
About the security content of Safari 17.4
2024-03-07 00:00:00
About the security content of Safari 17.2
2023-12-11 00:00:00
About the security content of visionOS 1.1
2024-03-07 00:00:00
amazon
amazon
Medium: webkitgtk4
2024-04-11 01:07:00
Important: webkitgtk4
2024-02-01 19:57:00
Medium: webkitgtk4
2024-06-19 19:15:00
gentoo
gentoo
WebKitGTK+: Multiple Vulnerabilities
2024-07-05 00:00:00
redhatcve
redhatcve
CVE-2024-23254
2024-03-19 13:24:07
CVE-2024-23252
2024-03-19 13:24:02
CVE-2023-42950
2024-03-27 03:51:06
cvelist
cvelist
CVE-2024-23254
2024-03-08 01:36:07
CVE-2024-23252
2024-03-08 01:35:45
CVE-2023-42956
2024-03-28 15:39:18
ubuntucve
ubuntucve
CVE-2024-23252
2024-03-08 00:00:00
CVE-2024-23263
2024-03-08 00:00:00
CVE-2024-23254
2024-03-08 00:00:00
debiancve
debiancve
CVE-2024-23252
2024-03-08 02:15:48
CVE-2024-23254
2024-03-08 02:15:48
CVE-2024-23263
2024-03-08 02:15:48
vulnrichment
vulnrichment
CVE-2024-23252
2024-03-08 01:35:45
CVE-2023-42956
2024-03-28 15:39:18
CVE-2024-23254
2024-03-08 01:36:07
nvd
nvd
CVE-2024-23254
2024-03-08 02:15:48
CVE-2024-23252
2024-03-08 02:15:48
CVE-2023-42950
2024-03-28 16:15:08
prion
prion
Sql injection
2024-03-08 02:15:00
Design/Logic Flaw
2024-03-08 02:15:00
Design/Logic Flaw
2024-03-08 02:15:00
cve
cve
CVE-2024-23252
2024-03-08 02:15:48
CVE-2024-23254
2024-03-08 02:15:48
CVE-2023-42956
2024-03-28 16:15:08
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2024-04-26 09:47:12

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

41.7%

JSON
Related for DEBIAN:DSA-5684-1:B9760
openvas16nessus23ubuntu1osv11fedora4apple16amazon5gentoo1redhatcve8cvelist8ubuntucve8debiancve8vulnrichment8nvd8prion6cve8mageia1