DLA-3274-1

Source: https://storage.googleapis.com/debian-osv/dla-osv/DLA-3274-1.json
Aliases:
Published: 2023-01-19T00:00:00Z
Modified: 2023-01-19T11:18:24.442140Z
Details

The following vulnerabilities have been discovered in the WebKitGTK web engine:

  • CVE-2022-42852: hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory.
  • CVE-2022-42856: Clement Lecigne discovered that processing maliciously crafted web content may lead to arbitrary code execution.
  • CVE-2022-42867: Maddie Stone discovered that processing maliciously crafted web content may lead to arbitrary code execution.
  • CVE-2022-46692: KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy.
  • CVE-2022-46698: Dohyun Lee and Ryan Shin discovered that processing maliciously crafted web content may disclose sensitive user information.
  • CVE-2022-46699: Samuel Gross discovered that processing maliciously crafted web content may lead to arbitrary code execution.
  • CVE-2022-46700: Samuel Gross discovered that processing maliciously crafted web content may lead to arbitrary code execution.

For Debian 10 buster, these problems have been fixed in version 2.38.3-1~deb10u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Affected packages

Debian:10 / webkit2gtk

webkit2gtk

Affected ranges

Type: ECOSYSTEM
Events:
  Introduced: 0
  Fixed: 2.38.3-1~deb10u1

Affected versions

2.*
