Test ID:	1.3.6.1.4.1.25623.1.0.893274
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-3274-1)
Summary:	The remote host is missing an update for the Debian 'webkit2gtk' package(s) announced via the DLA-3274-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'webkit2gtk' package(s) announced via the DLA-3274-1 advisory. Vulnerability Insight: The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2022-42852 hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. CVE-2022-42856 Clement Lecigne discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-42867 Maddie Stone discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-46692 KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. CVE-2022-46698 Dohyun Lee and Ryan Shin discovered that processing maliciously crafted web content may disclose sensitive user information. CVE-2022-46699 Samuel Gross discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2022-46700 Samuel Gross discovered that processing maliciously crafted web content may lead to arbitrary code execution. For Debian 10 buster, these problems have been fixed in version 2.38.3-1~ deb10u1. We recommend that you upgrade your webkit2gtk packages. For the detailed security status of webkit2gtk please refer to its security tracker page at: [link moved to references] Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references] Affected Software/OS: 'webkit2gtk' package(s) on Debian 10. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-42852 https://security.gentoo.org/glsa/202305-32 20221220 APPLE-SA-2022-12-13-1 iOS 16.2 and iPadOS 16.2 http://seclists.org/fulldisclosure/2022/Dec/20 20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2 http://seclists.org/fulldisclosure/2022/Dec/21 20221220 APPLE-SA-2022-12-13-4 macOS Ventura 13.1 http://seclists.org/fulldisclosure/2022/Dec/23 20221220 APPLE-SA-2022-12-13-7 tvOS 16.2 http://seclists.org/fulldisclosure/2022/Dec/26 20221220 APPLE-SA-2022-12-13-8 watchOS 9.2 http://seclists.org/fulldisclosure/2022/Dec/27 20221220 APPLE-SA-2022-12-13-9 Safari 16.2 http://seclists.org/fulldisclosure/2022/Dec/28 https://support.apple.com/en-us/HT213530 https://support.apple.com/en-us/HT213531 https://support.apple.com/en-us/HT213532 https://support.apple.com/en-us/HT213535 https://support.apple.com/en-us/HT213536 https://support.apple.com/en-us/HT213537 Common Vulnerability Exposure (CVE) ID: CVE-2022-42856 20221220 APPLE-SA-2022-12-13-3 iOS 16.1.2 http://seclists.org/fulldisclosure/2022/Dec/22 [oss-security] 20221226 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011 http://www.openwall.com/lists/oss-security/2022/12/26/1 https://support.apple.com/en-us/HT213516 Common Vulnerability Exposure (CVE) ID: CVE-2022-42867 Common Vulnerability Exposure (CVE) ID: CVE-2022-46692 https://support.apple.com/en-us/HT213538 Common Vulnerability Exposure (CVE) ID: CVE-2022-46698 Common Vulnerability Exposure (CVE) ID: CVE-2022-46699 Common Vulnerability Exposure (CVE) ID: CVE-2022-46700
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.