Lucene search
Copyright (C) 2024 Greenbone AGOPENVAS:13614125623111020240148HistoryApr 29, 2024 - 12:00 a.m.
Mageia: Security Advisory (MGASA-2024-0148)
2024-04-2900:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
18
mageia
security advisory
webkit2
package update
mgasa-2024-0148
remote host
vulnerability alert
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.2
Confidence
High
EPSS
0.017
Percentile
87.9%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.10.2024.0148");
script_cve_id("CVE-2014-1745", "CVE-2023-37450", "CVE-2023-38133", "CVE-2023-38572", "CVE-2023-38592", "CVE-2023-38594", "CVE-2023-38595", "CVE-2023-38597", "CVE-2023-38599", "CVE-2023-38600", "CVE-2023-38611", "CVE-2023-39434", "CVE-2023-39928", "CVE-2023-40397", "CVE-2023-40414", "CVE-2023-40451", "CVE-2023-41074", "CVE-2023-41993", "CVE-2023-42843", "CVE-2023-42883", "CVE-2023-42890", "CVE-2023-42916", "CVE-2023-42917", "CVE-2023-42950", "CVE-2023-42956", "CVE-2024-23206", "CVE-2024-23213", "CVE-2024-23222", "CVE-2024-23252", "CVE-2024-23254", "CVE-2024-23263", "CVE-2024-23280", "CVE-2024-23284");
script_tag(name:"creation_date", value:"2024-04-29 04:12:50 +0000 (Mon, 29 Apr 2024)");
script_version("2024-08-15T05:05:37+0000");
script_tag(name:"last_modification", value:"2024-08-15 05:05:37 +0000 (Thu, 15 Aug 2024)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2024-01-18 14:30:39 +0000 (Thu, 18 Jan 2024)");
script_name("Mageia: Security Advisory (MGASA-2024-0148)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA9");
script_xref(name:"Advisory-ID", value:"MGASA-2024-0148");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2024-0148.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=32202");
script_xref(name:"URL", value:"https://webkitgtk.org/2024/04/09/webkitgtk2.44.1-released.html");
script_xref(name:"URL", value:"https://webkitgtk.org/2024/03/16/webkitgtk2.44.0-released.html");
script_xref(name:"URL", value:"https://webkitgtk.org/2024/02/02/webkitgtk2.43.4-released.html");
script_xref(name:"URL", value:"https://webkitgtk.org/2024/02/05/webkitgtk2.42.5-released.html");
script_xref(name:"URL", value:"https://webkitgtk.org/2024/02/02/webkitgtk2.43.4-released.html");
script_xref(name:"URL", value:"https://webkitgtk.org/2023/12/21/webkitgtk2.43.3-released.html");
script_xref(name:"URL", value:"https://webkitgtk.org/2023/12/15/webkitgtk2.42.4-released.html");
script_xref(name:"URL", value:"https://webkitgtk.org/2023/12/05/webkitgtk2.42.3-released.html");
script_xref(name:"URL", value:"https://webkitgtk.org/2023/11/17/webkitgtk2.43.1-released.html");
script_xref(name:"URL", value:"https://webkitgtk.org/2023/11/10/webkitgtk2.42.2-released.html");
script_xref(name:"URL", value:"https://webkitgtk.org/2023/09/15/webkitgtk2.42.0-released.html");
script_xref(name:"URL", value:"https://webkitgtk.org/2023/09/08/webkitgtk2.41.92-released.html");
script_xref(name:"URL", value:"https://webkitgtk.org/2023/08/19/webkitgtk2.41.91-released.html");
script_xref(name:"URL", value:"https://webkitgtk.org/2023/08/10/webkitgtk2.41.90-released.html");
script_xref(name:"URL", value:"https://webkitgtk.org/2023/08/01/webkitgtk2.40.5-released.html");
script_xref(name:"URL", value:"https://webkitgtk.org/2023/07/21/webkitgtk2.40.4-released.html");
script_xref(name:"URL", value:"https://webkitgtk.org/2023/07/04/webkitgtk2.41.6-released.html");
script_tag(name:"summary", value:"The remote host is missing an update for the 'webkit2' package(s) announced via the MGASA-2024-0148 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Due to issues in our build system this package is very outdated, now
that the issues are fixed we are publishing the current upstream
version.
Lot of CVEs are fixed and a lot of changes were made by upstream, see
the links.");
script_tag(name:"affected", value:"'webkit2' package(s) on Mageia 9.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
script_xref(name:"CISA", value:"Known Exploited Vulnerability (KEV) catalog");
script_xref(name:"URL", value:"https://www.cisa.gov/known-exploited-vulnerabilities-catalog");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA9") {
if(!isnull(res = isrpmvuln(pkg:"lib64javascriptcore-gir4.0", rpm:"lib64javascriptcore-gir4.0~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64javascriptcore-gir4.1", rpm:"lib64javascriptcore-gir4.1~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64javascriptcore-gir6.0", rpm:"lib64javascriptcore-gir6.0~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64javascriptcoregtk4.0_18", rpm:"lib64javascriptcoregtk4.0_18~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64javascriptcoregtk4.1_0", rpm:"lib64javascriptcoregtk4.1_0~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64javascriptcoregtk6.0_1", rpm:"lib64javascriptcoregtk6.0_1~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64webkit2gtk-gir4.0", rpm:"lib64webkit2gtk-gir4.0~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64webkit2gtk-gir4.1", rpm:"lib64webkit2gtk-gir4.1~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64webkit2gtk4.0-devel", rpm:"lib64webkit2gtk4.0-devel~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64webkit2gtk4.0_37", rpm:"lib64webkit2gtk4.0_37~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64webkit2gtk4.1-devel", rpm:"lib64webkit2gtk4.1-devel~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64webkit2gtk4.1_0", rpm:"lib64webkit2gtk4.1_0~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64webkitgtk-gir6.0", rpm:"lib64webkitgtk-gir6.0~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64webkitgtk6.0-devel", rpm:"lib64webkitgtk6.0-devel~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64webkitgtk6.0_4", rpm:"lib64webkitgtk6.0_4~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libjavascriptcore-gir4.0", rpm:"libjavascriptcore-gir4.0~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libjavascriptcore-gir4.1", rpm:"libjavascriptcore-gir4.1~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libjavascriptcore-gir6.0", rpm:"libjavascriptcore-gir6.0~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libjavascriptcoregtk4.0_18", rpm:"libjavascriptcoregtk4.0_18~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libjavascriptcoregtk4.1_0", rpm:"libjavascriptcoregtk4.1_0~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libjavascriptcoregtk6.0_1", rpm:"libjavascriptcoregtk6.0_1~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebkit2gtk-gir4.0", rpm:"libwebkit2gtk-gir4.0~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebkit2gtk-gir4.1", rpm:"libwebkit2gtk-gir4.1~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebkit2gtk4.0-devel", rpm:"libwebkit2gtk4.0-devel~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebkit2gtk4.0_37", rpm:"libwebkit2gtk4.0_37~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebkit2gtk4.1-devel", rpm:"libwebkit2gtk4.1-devel~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebkit2gtk4.1_0", rpm:"libwebkit2gtk4.1_0~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebkitgtk-gir6.0", rpm:"libwebkitgtk-gir6.0~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebkitgtk6.0-devel", rpm:"libwebkitgtk6.0-devel~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwebkitgtk6.0_4", rpm:"libwebkitgtk6.0_4~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"webkit2", rpm:"webkit2~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"webkit2-driver", rpm:"webkit2-driver~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"webkit2gtk4.0", rpm:"webkit2gtk4.0~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"webkit2gtk4.0-jsc", rpm:"webkit2gtk4.0-jsc~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"webkit2gtk4.1", rpm:"webkit2gtk4.1~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"webkit2gtk4.1-jsc", rpm:"webkit2gtk4.1-jsc~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"webkitgtk6.0", rpm:"webkitgtk6.0~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"webkitgtk6.0-jsc", rpm:"webkitgtk6.0-jsc~2.44.1~1.mga9", rls:"MAGEIA9"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
References
advisories.mageia.org/MGASA-2024-0148.html
bugs.mageia.org/show_bug.cgi?id=32202
webkitgtk.org/2023/07/04/webkitgtk2.41.6-released.html
webkitgtk.org/2023/07/21/webkitgtk2.40.4-released.html
webkitgtk.org/2023/08/01/webkitgtk2.40.5-released.html
webkitgtk.org/2023/08/10/webkitgtk2.41.90-released.html
webkitgtk.org/2023/08/19/webkitgtk2.41.91-released.html
webkitgtk.org/2023/09/08/webkitgtk2.41.92-released.html
webkitgtk.org/2023/09/15/webkitgtk2.42.0-released.html
webkitgtk.org/2023/11/10/webkitgtk2.42.2-released.html
webkitgtk.org/2023/11/17/webkitgtk2.43.1-released.html
webkitgtk.org/2023/12/05/webkitgtk2.42.3-released.html
webkitgtk.org/2023/12/15/webkitgtk2.42.4-released.html
webkitgtk.org/2023/12/21/webkitgtk2.43.3-released.html
webkitgtk.org/2024/02/02/webkitgtk2.43.4-released.html
webkitgtk.org/2024/02/05/webkitgtk2.42.5-released.html
webkitgtk.org/2024/03/16/webkitgtk2.44.0-released.html
webkitgtk.org/2024/04/09/webkitgtk2.44.1-released.html
www.cisa.gov/known-exploited-vulnerabilities-catalog
Known Exploited Vulnerability (KEV) catalog
MGASA-2024-0148
Related
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2024-04-26 09:47:12
osv
osv
webkit2gtk - security update
2023-08-05 00:00:00
webkit2gtk - security update
2024-05-09 00:00:00
webkit2gtk vulnerabilities
2024-04-15 16:29:45
nessus
nessus
GLSA-202407-13 : WebKitGTK+: Multiple Vulnerabilities
2024-07-05 00:00:00
SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2024:1293-1)
2024-04-16 00:00:00
Fedora 40 : webkit2gtk4.0 (2024-a1246372a4)
2024-05-07 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5468-1)
2023-08-07 00:00:00
Ubuntu: Security Advisory (USN-6732-1)
2024-04-16 00:00:00
Fedora: Security Advisory (FEDORA-2024-a1246372a4)
2024-05-27 00:00:00
gentoo
gentoo
WebKitGTK+: Multiple Vulnerabilities
2024-07-05 00:00:00
WebKitGTK+: Multiple Vulnerabilities
2024-01-05 00:00:00
WebKitGTK+: Multiple Vulnerabilities
2024-01-31 00:00:00
debian
debian
[SECURITY] [DSA 5684-1] webkit2gtk security update
2024-05-09 07:57:13
[SECURITY] [DSA 5468-1] webkit2gtk security update
2023-08-05 18:13:07
[SECURITY] [DSA 5527-1] webkit2gtk security update
2023-10-12 19:43:03
ubuntu
ubuntu
WebKitGTK vulnerabilities
2024-04-15 00:00:00
WebKitGTK vulnerabilities
2023-08-15 00:00:00
WebKitGTK vulnerabilities
2024-02-12 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: webkit2gtk4.0-2.44.1-1.fc40
2024-05-07 05:21:22
[SECURITY] Fedora 38 Update: webkitgtk-2.40.5-1.fc38
2023-08-04 01:30:00
[SECURITY] Fedora 37 Update: webkitgtk-2.40.5-1.fc37
2023-08-18 00:42:15
apple
apple
About the security content of Safari 16.6
2023-07-24 00:00:00
About the security content of Safari 17.2
2023-12-11 00:00:00
About the security content of Safari 17.4
2024-03-07 00:00:00
amazon
amazon
Important: webkitgtk4
2023-09-27 22:48:00
Medium: webkitgtk4
2024-04-11 01:07:00
Important: webkitgtk4
2024-02-15 03:52:00
almalinux
almalinux
Important: webkit2gtk3 security and bug fix update
2023-11-07 00:00:00
Important: webkit2gtk3 security and bug fix update
2023-11-14 00:00:00
Important: webkit2gtk3 security update
2024-05-22 00:00:00
oraclelinux
oraclelinux
webkit2gtk3 security and bug fix update
2023-11-17 00:00:00
webkit2gtk3 security and bug fix update
2023-11-11 00:00:00
webkit2gtk3 security update
2024-05-02 00:00:00
redhat
redhat
(RHSA-2024:2126) Important: webkit2gtk3 security update
2024-04-30 06:14:49
(RHSA-2024:2982) Important: webkit2gtk3 security update
2024-05-22 06:35:16
(RHSA-2023:7055) Important: webkit2gtk3 security and bug fix update
2023-11-14 08:44:13
rocky
rocky
webkit2gtk3 security update
2024-06-14 13:59:30
thn
thn
Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now
2024-01-23 01:30:00
talosblog
talosblog
Why is the cost of cyber insurance rising?
2024-01-25 19:00:35
Cybersecurity considerations to have when shopping for holiday gifts
2023-12-07 19:00:40
hivepro
hivepro
Appleās Timely Response to Actively Exploited Zero-Days
2023-12-14 08:27:54
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.2
Confidence
High
EPSS
0.017
Percentile
87.9%
Related for OPENVAS:13614125623111020240148