Lucene search
Copyright (C) 2024 Greenbone AGOPENVAS:13614125623111120245618HistoryFeb 09, 2024 - 12:00 a.m.
Debian: Security Advisory (DSA-5618-1)
2024-02-0900:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
5
debian
webkit2gtk
package
update
vulnerability
cve-2024-23206
cve-2024-23213
cve-2024-23222
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.8%
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.1.1.2024.5618");
script_cve_id("CVE-2024-23206", "CVE-2024-23213", "CVE-2024-23222");
script_tag(name:"creation_date", value:"2024-02-09 04:23:47 +0000 (Fri, 09 Feb 2024)");
script_version("2024-02-09T05:06:25+0000");
script_tag(name:"last_modification", value:"2024-02-09 05:06:25 +0000 (Fri, 09 Feb 2024)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2024-01-30 14:32:15 +0000 (Tue, 30 Jan 2024)");
script_name("Debian: Security Advisory (DSA-5618-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB(11|12)");
script_xref(name:"Advisory-ID", value:"DSA-5618-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2024/DSA-5618-1");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'webkit2gtk' package(s) announced via the DSA-5618-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"affected", value:"'webkit2gtk' package(s) on Debian 11, Debian 12.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB11") {
if(!isnull(res = isdpkgvuln(pkg:"gir1.2-javascriptcoregtk-4.0", ver:"2.42.5-1~deb11u1", rls:"DEB11"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"gir1.2-webkit2-4.0", ver:"2.42.5-1~deb11u1", rls:"DEB11"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libjavascriptcoregtk-4.0-18", ver:"2.42.5-1~deb11u1", rls:"DEB11"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libjavascriptcoregtk-4.0-bin", ver:"2.42.5-1~deb11u1", rls:"DEB11"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libjavascriptcoregtk-4.0-dev", ver:"2.42.5-1~deb11u1", rls:"DEB11"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libwebkit2gtk-4.0-37", ver:"2.42.5-1~deb11u1", rls:"DEB11"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libwebkit2gtk-4.0-dev", ver:"2.42.5-1~deb11u1", rls:"DEB11"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libwebkit2gtk-4.0-doc", ver:"2.42.5-1~deb11u1", rls:"DEB11"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"webkit2gtk-driver", ver:"2.42.5-1~deb11u1", rls:"DEB11"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "DEB12") {
if(!isnull(res = isdpkgvuln(pkg:"gir1.2-javascriptcoregtk-4.0", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"gir1.2-javascriptcoregtk-4.1", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"gir1.2-javascriptcoregtk-6.0", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"gir1.2-webkit-6.0", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"gir1.2-webkit2-4.0", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"gir1.2-webkit2-4.1", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libjavascriptcoregtk-4.0-18", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libjavascriptcoregtk-4.0-bin", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libjavascriptcoregtk-4.0-dev", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libjavascriptcoregtk-4.1-0", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libjavascriptcoregtk-4.1-dev", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libjavascriptcoregtk-6.0-1", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libjavascriptcoregtk-6.0-dev", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libwebkit2gtk-4.0-37", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libwebkit2gtk-4.0-dev", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libwebkit2gtk-4.0-doc", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libwebkit2gtk-4.1-0", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libwebkit2gtk-4.1-dev", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libwebkitgtk-6.0-4", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libwebkitgtk-6.0-dev", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"webkit2gtk-driver", ver:"2.42.5-1~deb12u1", rls:"DEB12"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
Ubuntu 22.04 LTS / 23.10 : WebKitGTK vulnerabilities (USN-6631-1)
2024-02-12 00:00:00
Debian dsa-5618 : gir1.2-javascriptcoregtk-4.0 - security update
2024-02-09 00:00:00
Fedora 38 : webkitgtk (2024-ca3f071aea)
2024-02-11 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6631-1)
2024-02-13 00:00:00
Fedora: Security Advisory for webkitgtk (FEDORA-2024-97faaca23d)
2024-02-09 00:00:00
Fedora: Security Advisory for webkitgtk (FEDORA-2024-ca3f071aea)
2024-02-12 00:00:00
osv
osv
webkit2gtk vulnerabilities
2024-02-12 13:07:31
webkit2gtk - security update
2024-02-08 00:00:00
CVE-2024-23213
2024-01-23 01:15:11
fedora
fedora
[SECURITY] Fedora 38 Update: webkitgtk-2.42.5-1.fc38
2024-02-11 05:40:11
[SECURITY] Fedora 39 Update: webkitgtk-2.42.5-1.fc39
2024-02-09 01:27:52
debian
debian
[SECURITY] [DSA 5618-1] webkit2gtk security update
2024-02-08 23:24:14
ubuntu
ubuntu
WebKitGTK vulnerabilities
2024-02-12 00:00:00
apple
apple
About the security content of Safari 17.3
2024-01-22 00:00:00
About the security content of iOS 16.7.5 and iPadOS 16.7.5
2024-01-22 00:00:00
About the security content of visionOS 1.0.2
2024-01-31 00:00:00
cve
cve
prion
prion
Code injection
2024-01-23 01:15:00
Design/Logic Flaw
2024-01-23 01:15:00
Type confusion
2024-01-23 01:15:00
amazon
amazon
Important: webkitgtk4
2024-02-15 03:52:00
Important: webkitgtk4
2024-02-01 19:57:00
redhatcve
redhatcve
nvd
nvd
debiancve
debiancve
cvelist
cvelist
ubuntucve
ubuntucve
cisa_kev
cisa_kev
Apple Multiple Products WebKit Type Confusion Vulnerability
2024-01-23 00:00:00
hivepro
hivepro
Apple Fixes First Actively Exploited Zero-day of 2024
2024-01-24 08:44:14
malwarebytes
malwarebytes
Update now! Apple releases patch for zero-day vulnerability
2024-01-24 10:37:20
attackerkb
attackerkb
CVE-2024-23222
2024-01-23 00:00:00
talosblog
talosblog
Spyware isnβt going anywhere, and neither are its tactics
2024-02-08 19:00:53
Why is the cost of cyber insurance rising?
2024-01-25 19:00:35
oraclelinux
oraclelinux
webkit2gtk3 security update
2024-05-02 00:00:00
webkit2gtk3 security update
2024-05-23 00:00:00
redhat
redhat
(RHSA-2024:2126) Important: webkit2gtk3 security update
2024-04-30 06:14:49
(RHSA-2024:2982) Important: webkit2gtk3 security update
2024-05-22 06:35:16
(RHSA-2023:4201) Important: webkit2gtk3 security update
2023-07-18 14:24:50
almalinux
almalinux
Important: webkit2gtk3 security update
2024-04-30 00:00:00
Important: webkit2gtk3 security update
2024-05-22 00:00:00
rocky
rocky
webkit2gtk3 security update
2024-06-14 13:59:30
thn
thn
Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now
2024-01-23 01:30:00
CISA Warns of Active Exploitation Apple iOS and macOS Vulnerability
2024-02-01 05:02:00
Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws
2024-03-06 05:54:00
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2024-04-26 09:47:12
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.8%
Related for OPENVAS:13614125623111120245618