ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2023.0177
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2023-0177)
Resumen:	The remote host is missing an update for the 'webkit2' package(s) announced via the MGASA-2023-0177 advisory.
Descripción:	Summary: The remote host is missing an update for the 'webkit2' package(s) announced via the MGASA-2023-0177 advisory. Vulnerability Insight: HTML document may be able to render iframes with sensitive user information (CVE-2022-0108) maliciously crafted web content may lead to arbitrary code execution. (CVE-2022-32885) use-after-free vulnerability exists in WebCore::RenderLayer. This issue allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. (CVE-2023-25358) maliciously crafted web content may bypass Same Origin Policy (CVE-2023-27932) Website may be able to track sensitive user information. Description: The issue was addressed by removing origin information. (CVE-2023-27954) maliciously crafted web content may lead to arbitrary code execution (CVE-2023-28205) Affected Software/OS: 'webkit2' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-0108 Debian Security Information: DSA-5396 (Google Search) https://www.debian.org/security/2023/dsa-5396 Debian Security Information: DSA-5397 (Google Search) https://www.debian.org/security/2023/dsa-5397 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QL5OGMSHRQ26FTYWZUXVNWB2VHOSVXK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KC7DMUX37BRCLAI4VPQYHDUVEGTNYN5A/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OKKVEUQAAGH3NHMX3WHWKRPYU4QFKTQ/ https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html https://crbug.com/1248444 https://lists.debian.org/debian-lts-announce/2023/05/msg00011.html http://www.openwall.com/lists/oss-security/2023/04/21/3 Common Vulnerability Exposure (CVE) ID: CVE-2022-32885 https://support.apple.com/en-us/HT213341 https://support.apple.com/en-us/HT213345 https://support.apple.com/en-us/HT213346 Common Vulnerability Exposure (CVE) ID: CVE-2023-25358 https://security.gentoo.org/glsa/202305-32 https://bugs.webkit.org/show_bug.cgi?id=242683 Common Vulnerability Exposure (CVE) ID: CVE-2023-27932 https://support.apple.com/en-us/HT213670 https://support.apple.com/en-us/HT213671 https://support.apple.com/en-us/HT213674 https://support.apple.com/en-us/HT213676 https://support.apple.com/en-us/HT213678 Common Vulnerability Exposure (CVE) ID: CVE-2023-27954 https://support.apple.com/en-us/HT213673 Common Vulnerability Exposure (CVE) ID: CVE-2023-28205 https://support.apple.com/en-us/HT213720 https://support.apple.com/en-us/HT213721 https://support.apple.com/en-us/HT213722 https://support.apple.com/en-us/HT213723
Copyright	Copyright (C) 2023 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.