1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5885-1] webkit2gtk security update

    From Alberto Garcia@21:1/5 to All on Sun Mar 23 21:50:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5885-1 [email protected] https://www.debian.org/security/ Alberto Garcia
    March 23, 2025 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : webkit2gtk
    CVE ID : CVE-2024-44192 CVE-2024-54467 CVE-2025-24201

    The following vulnerabilities have been discovered in the WebKitGTK
    web engine:

    CVE-2024-44192

    Tashita Software Security discovered that processing maliciously
    crafted web content may lead to an unexpected process crash.

    CVE-2024-54467

    Narendra Bhati discovered that a malicious website may exfiltrate
    data cross-origin.

    CVE-2025-24201

    Apple discovered that maliciously crafted web content may be able
    to break out of Web Content sandbox.

    For the stable distribution (bookworm), these problems have been fixed in version 2.48.0-1~deb12u1.

    We recommend that you upgrade your webkit2gtk packages.

    For the detailed security status of webkit2gtk please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmfgbIQACgkQAAyEYu0C 2AJDGg//awiNFGHzL823MstM04qU/0pZ4W/YxIzF1xd/0CiriYkjFkbeectklx55 exvE9IQ4XpKm/MTQ9lVSY51UlqoYVCUY2qQjE8tXAbSZj2/z9LdFwnud5RCsyMHE WbjRHaKTS7t8w4+uuVEDYLrAuVPz/NxWNh0JXMUdvHSBRJraE7o8Gr19+SR8Pt8S uKrbZBg0Oy9jSY+ys3d+dBstIbBufEA0xgnMMZHR7eQ04KG6pKwY2q2xzPtdIsaQ TmxD/XCTy6mgUh+hLQrh8WDLWFMnHfiogjtdCR19KqIEe+RcpSMqA43XzyU6+foZ KEuDZgdx+ChjxI+rf/67YFXgHLanlY4lrr1nUB2b0cL3L60NH2Fitdr/v5uq9R+C ajE9Gm14zrKNswTn+QzAIO76U2HQ7PFHKeWPkI/PgX85YpSxSFf2MXfiyR15l6zl GowtGtHBgnRKPXbe8MtxmR6zeGR5o0laizaVioArI+b2wBdX6Lz2sWu8RPLTiATg Isvkh4mNBGjigI+Q3dwBf/853WCSvqE20iVyQ+Mhbt3MTKzDWzdVY2occPunB78c +8gNhHhERxE5k7mu2A4h68YEcoG8DTyKHKyjwOPIVJvdf22N7zePBpCB4fNU/gI1 D3Lg7CbAdZifmoQG4ouKPfF5mldU4wW7QRcI8/2ZIUls1bDjT7I=
    =/Sm2
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)