Bug 915222 (CVE-2023-35074, CVE-2023-39434, CVE-2023-39928, CVE-2023-40451, CVE-2023-41074, CVE-2023-41993, CVE-2023-42890, WSA-2023-0009)

Summary: <net-libs/webkit-gtk-{2.42.1, 2.42.1-r410, 2.42.1-r600}: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: ajak, gnome
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://webkitgtk.org/security/WSA-2023-0009.html
Whiteboard: A1 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 915977    
Bug Blocks: 920664    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-10-05 23:52:58 UTC
https://webkitgtk.org/security/WSA-2023-0009.html


    CVE-2023-39928
        Versions affected: WebKitGTK and WPE WebKit before 2.42.0.
        Credit to Marcin ‘Icewall’ Noga of Cisco Talos.
        A use-after-free vulnerability exists in the MediaRecorder API of the WebKit GStreamer-based ports (WebKitGTK and WPE WebKit). A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to visit a malicious webpage to trigger this vulnerability. WebKit Bugzilla: 260649.
    CVE-2023-35074
        Versions affected: WebKitGTK and WPE WebKit before 2.40.0.
        Credit to Abysslab Dong Jun Kim(@smlijun) and Jong Seong Kim(@nevul37).
        Impact: Processing web content may lead to arbitrary code execution. Description: The issue was addressed with improved memory handling.
    CVE-2023-39434
        Versions affected: WebKitGTK and WPE WebKit before 2.40.5.
        Credit to Francisco Alonso (@revskills), and Dohyun Lee (@l33d0hyun) of PK Security.
        Impact: Processing web content may lead to arbitrary code execution. Description: A use-after-free issue was addressed with improved memory management.
    CVE-2023-40451
        Versions affected: WebKitGTK and WPE WebKit before 2.40.5.
        Credit to an anonymous researcher.
        Impact: An attacker with JavaScript execution may be able to execute arbitrary code. Description: This issue was addressed with improved iframe sandbox enforcement.
    CVE-2023-41074
        Versions affected: WebKitGTK and WPE WebKit before 2.42.0.
        Credit to 이준성(Junsung Lee) of Cross Republic and me Li.
        Impact: Processing web content may lead to arbitrary code execution. Description: The issue was addressed with improved checks.
    CVE-2023-41993
        Versions affected: WebKitGTK and WPE WebKit before 2.42.1.
        Credit to Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group.
        Impact: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: The issue was addressed with improved checks.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-01-28 17:52:40 UTC
Another CVE fixed in 2.42.0 in WSA-2023-0012:

CVE-2023-42890
    Versions affected: WebKitGTK and WPE WebKit before 2.42.0.
    Credit to Pwn2car.
    Impact: Processing web content may lead to arbitrary code execution.
    Description: The issue was addressed with improved memory handling.
    WebKit Bugzilla: 259830
Comment 2 Larry the Git Cow gentoo-dev 2024-01-31 14:30:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=4a07754d6de45c14716438f4a3e32fda6124b30f

commit 4a07754d6de45c14716438f4a3e32fda6124b30f
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-31 14:29:39 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-31 14:30:12 +0000

    [ GLSA 202401-33 ] WebKitGTK+: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/915222
    Bug: https://bugs.gentoo.org/918667
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-33.xml | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)