| Description: | Summary:
The remote host is missing an update for the Debian 'webkit2gtk' package(s) announced via the DSA-5396-1 advisory.
Vulnerability Insight:
The following vulnerabilities have been discovered in the WebKitGTK web engine:
CVE-2022-0108
Luan Herrera discovered that an HTML document may be able to render iframes with sensitive user information.
CVE-2022-32885
P1umer and Q1IQ discovered that processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2023-27932
An anonymous researcher discovered that processing maliciously crafted web content may bypass Same Origin Policy.
CVE-2023-27954
An anonymous researcher discovered that a website may be able to track sensitive user information.
CVE-2023-28205
Clement Lecigne and Donncha O Cearbhaill discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
For the stable distribution (bullseye), these problems have been fixed in version 2.40.1-1~
deb11u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to its security tracker page at: [link moved to references]
Affected Software/OS:
'webkit2gtk' package(s) on Debian 11.
Solution:
Please install the updated package(s).
CVSS Score:
4.3
CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
