| Description: | Summary:
The remote host is missing an update for the Debian 'webkit2gtk' package(s) announced via the DSA-5527-1 advisory.
Vulnerability Insight:
The following vulnerabilities have been discovered in the WebKitGTK web engine:
CVE-2023-39928
Marcin Noga discovered that a specially crafted web page can abuse a vulnerability in the MediaRecorder API to cause memory corruption and potentially arbitrary code execution.
CVE-2023-41074
Junsung Lee and Me Li discovered that processing web content may lead to arbitrary code execution.
CVE-2023-41993
Bill Marczak and Maddie Stone discovered that processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
For the oldstable distribution (bullseye), these problems have been fixed in version 2.42.1-1~
deb11u1.
For the stable distribution (bookworm), these problems have been fixed in version 2.42.1-1~
deb12u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to its security tracker page at: [link moved to references]
Affected Software/OS:
'webkit2gtk' package(s) on Debian 11, Debian 12.
Solution:
Please install the updated package(s).
CVSS Score:
7.5
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
