Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Debian 11 bullseye DLA-3961-1 critical: webkit2gtk address bar spoofing

debian lts
Calendar Grey November 22, 2024
Dist Debian Esm H88
Ubuntu LTS USN-5432-1 emphasizes critical security patches for libc6 tackling multiple vulnerability threats.
The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2024-40866

Summary

CVE-2024-40866

Hafiizh and YoKo Kho discovered that visiting a malicious website
may lead to address bar spoofing.

CVE-2024-44185

Gary Kwong discovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2024-44187

Narendra Bhati discovered that a malicious website may exfiltrate
data cross-origin.

CVE-2024-44244

An anonymous researcher, Q1IQ (@q1iqF) and P1umer discovered that
processing maliciously crafted web content may lead to an
unexpected process crash.

CVE-2024-44296

Narendra Bhati discovered that processing maliciously crafted web
content may prevent Content Security Policy from being enforced.

For Debian 11 bullseye, these problems have been fixed in version
2.46.3-1~deb11u2.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/webkit2gtk

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

Package: webkit2gtk
Version: 2.46.3-1~deb11u2
CVE ID: CVE-2024-40866 CVE-2024-44185 CVE-2024-44187 CVE-2024-44244

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here