1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5899-1] webkit2gtk security update

    From Alberto Garcia@21:1/5 to All on Fri Apr 11 01:00:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5899-1 [email protected] https://www.debian.org/security/ Alberto Garcia
    April 10, 2025 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : webkit2gtk
    CVE ID : CVE-2024-54551 CVE-2025-24208 CVE-2025-24209 CVE-2025-24213
    CVE-2025-24216 CVE-2025-24264 CVE-2025-30427

    The following vulnerabilities have been discovered in the WebKitGTK
    web engine:

    CVE-2024-54551

    ajajfxhj discovered that processing web content may lead to a
    denial-of-service.

    CVE-2025-24208

    Muhammad Zaid Ghifari and Kalimantan Utara discovered that loading
    a malicious iframe may lead to a cross-site scripting attack.

    CVE-2025-24209

    Francisco Alonso and an anonymous researcher discovered that
    processing maliciously crafted web content may lead to an
    unexpected process crash.

    CVE-2025-24213

    The Google V8 Security Team discovered that a type confusion issue
    could lead to memory corruption. Note that this CVE is fixed only
    on ARM architectures. x86_64 is not vulnerable, x86 is not
    vulnerable when the SSE2 instruction set is enabled; but other
    architectures remain vulnerable.

    CVE-2025-24216

    Paul Bakker discovered that processing maliciously crafted web
    content may lead to an unexpected Safari crash.

    CVE-2025-24264

    Gary Kwong and an anonymous researcher discovered that processing
    maliciously crafted web content may lead to an unexpected crash.

    CVE-2025-30427

    rheza discovered that processing maliciously crafted web content
    may lead to an unexpected crash.

    For the stable distribution (bookworm), these problems have been fixed in version 2.48.1-2~deb12u1.

    We recommend that you upgrade your webkit2gtk packages.

    For the detailed security status of webkit2gtk please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmf4PZkACgkQAAyEYu0C 2AIO6g/+InbL4sTvYyyhWrplfR6Fj2Bqsdq26L/Yb9DfeHRtCEWGTX2hwCp1da0U 4s3BgjTiCtdZrWGrcaCayvg0KC1OB/mnvj+KIZ4XMFsplO6E488DGDtAxZnDZ5JB Wv+x0pXb3Oc6QjXwWDSjD70lfwoLpWRefzP846n/XzCqA/VlnfLsNqt4Gia0uu79 JDMF3rlnHUVG5NB1Dk6oziW3uWeOQmTSSmAp/mtzbGddM4fpE3q6yig41TK0DXEQ /7NUipv5oPCl6bsG2PSAuSffGlrT909TwLfwCLQ2IcCjY8b9+omgOZK5sSxRgP2P uaD4h9RIPMmpJo5eF/CxO9b345XQlqv2xR0xSVdxyHXtJWjZx9oxCqp0a0aHgYO7 GQQSwopXli5fwBZdIyZ2et4e/sCB7PaZI9GvzOjfarrvl3EJ2AavBkXyOrw/k1WZ BNeATDLYDejqt5tZzAvxFf3N/1BJhvpkjowkfavM2xNk+dPVoNkGoNTmQXQZzIsE eRwl4l64rNy04OAgeJg+P2e7tggtMvYxbmlbVZVQBpoJcBh4qCp7MCG4Vf6U18uc smR0rXs5vX9Vgloe9AnqfH/8KslYzTIYt3X9VsdKSqWB3tpi54uFFLTaQNasuo/b s0QGEFcthNgPjEguhm3Dic0P/TqNaU/uskAiSljOequirDhbPZU=
    =fQdP
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)