
Bug 919327

Summary: net-libs/webkit-gtk: multiple vulnerabilities
Product: Gentoo Security
Reporter: Christopher Fore <csfore>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE
Severity: normal
CC: gnome
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://webkitgtk.org/security/WSA-2023-0011.html
Whiteboard: A2 [ebuild]
Package list:
Runtime testing required: ---

Description Christopher Fore 2023-12-06 12:07:26 UTC
CVE-2023-42916 (https://webkitgtk.org/security/WSA-2023-0011.html):

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. 


CVE-2023-42917 (https://webkitgtk.org/security/WSA-2023-0011.html):

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.


The above are fixed in 2.42.3
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-12-06 12:15:09 UTC

*** This bug has been marked as a duplicate of bug 919290 ***