Summary: | <net-libs/webkit-gtk-2.40.1: multiple vulnerabilities
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Status: | RESOLVED FIXED
Severity: | major
Priority: | Normal
Version: | unspecified
Hardware: | All
OS: | Linux
Reporter: | John Helmert III <ajak>
Assignee: | Gentoo Security <security>
URL: | https://webkitgtk.org/security/WSA-2023-0003.html
Whiteboard: | A2 [glsa+]
Package list: |
Runtime testing required: | ---
Bug Depends on: | 905489, 905492, 905579
Bug Blocks: |
Description
John Helmert III
Thanks! Please cleanup.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d24459ed817d36cb6b0a3c3e487ae392a0237826

commit d24459ed817d36cb6b0a3c3e487ae392a0237826
Author: Matt Turner <mattst88@gentoo.org>
AuthorDate: 2023-05-18 14:40:12 +0000
Commit: Matt Turner <mattst88@gentoo.org>
CommitDate: 2023-05-18 14:40:37 +0000

    net-libs/webkit-gtk: Drop SLOT=5

    Has been replaced by SLOT=6.

    Bug: https://bugs.gentoo.org/905351
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest | 1 -
 net-libs/webkit-gtk/files/2.38.3-gcc-13.patch | 25 --
 net-libs/webkit-gtk/files/2.38.5-gcc-13.patch | 30 ---
 net-libs/webkit-gtk/webkit-gtk-2.38.5-r500.ebuild | 265 ----------------------
 4 files changed, 321 deletions(-)

Other vulnerable versions dropped in

commit f2e39b35f2bc73494ab8e38c67240a45a868e27f
Author: Matt Turner <mattst88@gentoo.org>
Date: Wed May 17 17:14:14 2023 -0400

    net-libs/webkit-gtk: Drop old versions

    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest | 1 -
 net-libs/webkit-gtk/webkit-gtk-2.38.5-r410.ebuild | 271 ----------------------
 net-libs/webkit-gtk/webkit-gtk-2.38.5.ebuild | 261 ---------------------
 net-libs/webkit-gtk/webkit-gtk-2.40.0-r410.ebuild | 257 --------------------
 net-libs/webkit-gtk/webkit-gtk-2.40.0-r600.ebuild | 250 --------------------
 net-libs/webkit-gtk/webkit-gtk-2.40.0.ebuild | 247 --------------------
 6 files changed, 1287 deletions(-)

GLSA request filed.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=a8dea8203b3b4b4cca0bdebe02a9a8ea505ae935

commit a8dea8203b3b4b4cca0bdebe02a9a8ea505ae935
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-30 03:01:57 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2023-05-30 03:05:03 +0000

    [ GLSA 202305-32 ] WebKitGTK+: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/871732
    Bug: https://bugs.gentoo.org/879571
    Bug: https://bugs.gentoo.org/888563
    Bug: https://bugs.gentoo.org/905346
    Bug: https://bugs.gentoo.org/905349
    Bug: https://bugs.gentoo.org/905351
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202305-32.xml | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)

GLSA released, all done!

CVE-2023-32435 (https://support.apple.com/en-us/HT213670):

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.

According to WSA-2023-0005 (https://webkitgtk.org/security/WSA-2023-0005.html):

"CVE-2023-32435
Versions affected: WebKitGTK and WPE WebKit before 2.40.0.
Credit to Georgy Kucherin (@kucher1n), Leonid Bezvershenko (@bzvr_), and Boris Larin (@oct0xor) of Kaspersky.
Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved state management."