Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2023.0177
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2023-0177)
Zusammenfassung:	The remote host is missing an update for the 'webkit2' package(s) announced via the MGASA-2023-0177 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'webkit2' package(s) announced via the MGASA-2023-0177 advisory. Vulnerability Insight: HTML document may be able to render iframes with sensitive user information (CVE-2022-0108) maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32885) use-after-free vulnerability exists in WebCore::RenderLayer. This issue allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. (CVE-2023-25358) maliciously crafted web content may bypass Same Origin Policy (CVE-2023-27932) Website may be able to track sensitive user information. Description: The issue was addressed by removing origin information. (CVE-2023-27954) maliciously crafted web content may lead to arbitrary code execution (CVE-2023-28205) Affected Software/OS: 'webkit2' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2022-0108 Debian Security Information: DSA-5396 (Google Search) https://www.debian.org/security/2023/dsa-5396 Debian Security Information: DSA-5397 (Google Search) https://www.debian.org/security/2023/dsa-5397 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QL5OGMSHRQ26FTYWZUXVNWB2VHOSVXK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KC7DMUX37BRCLAI4VPQYHDUVEGTNYN5A/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OKKVEUQAAGH3NHMX3WHWKRPYU4QFKTQ/ https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html https://crbug.com/1248444 https://lists.debian.org/debian-lts-announce/2023/05/msg00011.html http://www.openwall.com/lists/oss-security/2023/04/21/3 Common Vulnerability Exposure (CVE) ID: CVE-2022-32885 https://support.apple.com/en-us/HT213341 https://support.apple.com/en-us/HT213345 https://support.apple.com/en-us/HT213346 Common Vulnerability Exposure (CVE) ID: CVE-2023-25358 https://security.gentoo.org/glsa/202305-32 https://bugs.webkit.org/show_bug.cgi?id=242683 Common Vulnerability Exposure (CVE) ID: CVE-2023-27932 https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213671 https://support.apple.com/en-us/HT213674 https://support.apple.com/en-us/HT213676 https://support.apple.com/en-us/HT213678 Common Vulnerability Exposure (CVE) ID: CVE-2023-27954 https://support.apple.com/en-us/HT213673 Common Vulnerability Exposure (CVE) ID: CVE-2023-28205 https://support.apple.com/en-us/HT213720 https://support.apple.com/en-us/HT213721 https://support.apple.com/en-us/HT213722 https://support.apple.com/en-us/HT213723
Copyright	Copyright (C) 2023 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.