------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory                 WSA-2024-0004
------------------------------------------------------------------------

Date reported           : August 17, 2024
Advisory ID             : WSA-2024-0004
WebKitGTK Advisory URL  : https://webkitgtk.org/security/WSA-2024-0004.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2024-0004.html
CVE identifiers         : CVE-2024-40776, CVE-2024-40779, CVE-2024-40780,
                          CVE-2024-40782, CVE-2024-40785, CVE-2024-40789,
                          CVE-2024-40794, CVE-2024-4558.

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

CVE-2024-40776
    Versions affected: WebKitGTK and WPE WebKit before 2.44.3.
    Credit to Huang Xilin of Ant Group Light-Year Security Lab.
    Impact: Processing maliciously crafted web content may lead to an
    unexpected process crash.
    Description: A use-after-free issue was addressed with improved
    memory management.
    WebKit Bugzilla: 273176

CVE-2024-40779
    Versions affected: WebKitGTK and WPE WebKit before 2.44.3.
    Credit to Huang Xilin of Ant Group Light-Year Security Lab.
    Impact: Processing maliciously crafted web content may lead to an
    unexpected process crash.
    Description: An out-of-bounds read was addressed with improved
    bounds checking.
    WebKit Bugzilla: 275431

CVE-2024-40780
    Versions affected: WebKitGTK and WPE WebKit before 2.44.3.
    Credit to Huang Xilin of Ant Group Light-Year Security Lab.
    Impact: Processing maliciously crafted web content may lead to an
    unexpected process crash.
    Description: An out-of-bounds read was addressed with improved
    bounds checking.
    WebKit Bugzilla: 275273

CVE-2024-40782
    Versions affected: WebKitGTK and WPE WebKit before 2.44.3.
    Credit to Maksymilian Motyl.
    Impact: Processing maliciously crafted web content may lead to an
    unexpected process crash.
    Description: A use-after-free issue was addressed with improved
    memory management.
    WebKit Bugzilla: 268770

CVE-2024-40785
    Versions affected: WebKitGTK and WPE WebKit before 2.44.3.
    Credit to Johan Carlsson (joaxcar).
    Impact: Processing maliciously crafted web content may lead to a
    cross site scripting attack.
    Description: This issue was addressed with improved checks.
    WebKit Bugzilla: 273805

CVE-2024-40789
    Versions affected: WebKitGTK and WPE WebKit before 2.44.3.
    Credit to Seunghyun Lee (@0x10n) of KAIST Hacking Lab working with
    Trend Micro Zero Day Initiative.
    Impact: Processing maliciously crafted web content may lead to an
    unexpected process crash.
    Description: An out-of-bounds access issue was addressed with
    improved bounds checking.

CVE-2024-40794
    Versions affected: WebKitGTK and WPE WebKit before 2.44.3.
    Credit to Matthew Butler.
    Impact: Private Browsing tabs may be accessed without
    authentication.
    Description: This issue was addressed through improved state
    management.
    WebKit Bugzilla: 275272

CVE-2024-4558
    Versions affected: WebKitGTK and WPE WebKit before 2.44.3.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to an
    unexpected process crash.
    Description: Use after free in ANGLE allowed a remote attacker to
    potentially exploit heap corruption via a crafted HTML page.
    WebKit Bugzilla: 274165

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=04b72a137761e28d5456b030a7f0ce5ab3796faf

commit 04b72a137761e28d5456b030a7f0ce5ab3796faf
Author:     Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2024-09-13 12:25:21 +0000
Commit:     Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2024-09-13 12:50:02 +0000

    net-libs/webkit-gtk: add 2.44.4

    Tested with/without jumbo build, r410 in Evolution and r600 in Epiphany.
    And finally reordering $S to make pkgcheck be quiet.

    Bug: https://bugs.gentoo.org/938026
    Closes: https://bugs.gentoo.org/939541
    Signed-off-by: Michael Orlitzky <mjo@gentoo.org>

 net-libs/webkit-gtk/Manifest                      |   1 +
 net-libs/webkit-gtk/webkit-gtk-2.44.4-r410.ebuild | 250 +++++++++++++++++++++
 net-libs/webkit-gtk/webkit-gtk-2.44.4-r600.ebuild | 262 ++++++++++++++++++++++
 net-libs/webkit-gtk/webkit-gtk-2.44.4.ebuild      | 248 ++++++++++++++++++++
 4 files changed, 761 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a3a9b01e2a6789fec18206721118589b34ff2ce

commit 4a3a9b01e2a6789fec18206721118589b34ff2ce
Author:     Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2024-10-10 12:53:05 +0000
Commit:     Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2024-10-10 13:10:42 +0000

    net-libs/webkit-gtk: drop 2.44.1, 2.44.1-r410, 2.44.1-r600

    Bug: https://bugs.gentoo.org/938026
    Signed-off-by: Michael Orlitzky <mjo@gentoo.org>

 net-libs/webkit-gtk/Manifest                      |   1 -
 net-libs/webkit-gtk/webkit-gtk-2.44.1-r410.ebuild | 251 --------------------
 net-libs/webkit-gtk/webkit-gtk-2.44.1-r600.ebuild | 265 ----------------------
 net-libs/webkit-gtk/webkit-gtk-2.44.1.ebuild      | 249 --------------------
 4 files changed, 766 deletions(-)