Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Debian: DSA-5575-1 critical: WebKitGTK exploits for code execution

debian
Calendar Grey December 11, 2023
Debian Logo
CVE-2023-43247 and CVE-2023-43248 discovered in WebKitGTK. Ensure you upgrade your applications to mitigate risks associated with these flaws.
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2023-42916

Summary

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2023-42916

Clement Lecigne discovered that processing web content may
disclose sensitive information. Apple is aware of a report that
this issue may have been actively exploited.

CVE-2023-42917

Clement Lecigne discovered that processing web content may lead to
arbitrary code execution. Apple is aware of a report that this
issue may have been actively exploited.

For the oldstable distribution (bullseye), these problems have been fixed
in version 2.42.3-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 2.42.3-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked quest...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: webkit2gtk
CVE ID: CVE-2023-42916 CVE-2023-42917

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here