Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Debian: DSA-5557-1 Critical: WebKitGTK Denial Of Service Issue

debian
Calendar Grey November 17, 2023
Debian Logo
The DSA-5557-1 Debian advisory highlights webkit2gtk vulnerabilities that permit arbitrary code execution or cross-site scripting. Users should upgrade for better security.
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2023-41983
Topics%20covered

Topics Covered

security advisory denial of service code execution Debian webkit2gtk

Summary

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2023-41983

Junsung Lee discovered that processing web content may lead to a
denial-of-service.

CVE-2023-42852

An anonymous researcher discovered that processing web content may
lead to arbitrary code execution.

For the oldstable distribution (bullseye), these problems have been fixed
in version 2.42.2-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 2.42.2-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
critical
Lowest
Low
Medium
High
Critical

Package: webkit2gtk
CVE ID: CVE-2023-41983 CVE-2023-42852

Topics%20covered

Topics Covered

security advisory denial of service code execution Debian webkit2gtk

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here