Bug 905351 (CVE-2022-32885, CVE-2023-27932, CVE-2023-27954, CVE-2023-28205, WSA-2023-0003) - <net-libs/webkit-gtk-2.40.1: multiple vulnerabilities
Summary: <net-libs/webkit-gtk-2.40.1: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-32885, CVE-2023-27932, CVE-2023-27954, CVE-2023-28205, WSA-2023-0003
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://webkitgtk.org/security/WSA-20...
Whiteboard: A2 [glsa+]
Keywords:
Depends on: 905489 905492 905579
Blocks:
Reported: 2023-04-29 23:20 UTC by John Helmert III
Modified: 2023-05-30 03:08 UTC

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-29 23:20:13 UTC
"CVE-2022-0108
    Versions affected: WebKitGTK and WPE WebKit before 2.38.6 and 2.40
    branch before 2.40.1.
    Credit to Luan Herrera (@lbherrera_).
    Impact: An HTML document may be able to render iframes with
    sensitive user information. Description: This issue was addressed
    with improved iframe sandbox enforcement.

CVE-2022-32885
    Versions affected: WebKitGTK and WPE WebKit before 2.38.6 and 2.40
    branch before 2.40.1.
    Credit to P1umer(@p1umer) and Q1IQ(@q1iqF).
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Description: A memory corruption issue was
    addressed with improved validation.

CVE-2023-27932
    Versions affected: WebKitGTK and WPE WebKit before 2.38.6 and 2.40
    branch before 2.40.1.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may bypass Same
    Origin Policy. Description: This issue was addressed with improved
    state management.

CVE-2023-27954
    Versions affected: WebKitGTK and WPE WebKit before 2.38.6 and 2.40
    branch before 2.40.1.
    Credit to an anonymous researcher.
    Impact: A website may be able to track sensitive user information.
    Description: The issue was addressed by removing origin information.

CVE-2023-28205
    Versions affected: WebKitGTK and WPE WebKit before 2.38.6 and 2.40
    branch before 2.40.1.
    Credit to Clément Lecigne of Google's Threat Analysis Group and
    Donncha Ó Cearbhaill of Amnesty International’s Security Lab.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Apple is aware of a report that this issue
    may have been actively exploited. Description: A use after free
    issue was addressed with improved memory management."

Please stabilize 2.40.1.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-08 04:03:22 UTC
Thanks! Please clean up.
Comment 2 Larry the Git Cow gentoo-dev 2023-05-18 14:41:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d24459ed817d36cb6b0a3c3e487ae392a0237826

commit d24459ed817d36cb6b0a3c3e487ae392a0237826
Author:     Matt Turner <mattst88@gentoo.org>
AuthorDate: 2023-05-18 14:40:12 +0000
Commit:     Matt Turner <mattst88@gentoo.org>
CommitDate: 2023-05-18 14:40:37 +0000

    net-libs/webkit-gtk: Drop SLOT=5
    
    Has been replaced by SLOT=6.
    
    Bug: https://bugs.gentoo.org/905351
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest                      |   1 -
 net-libs/webkit-gtk/files/2.38.3-gcc-13.patch     |  25 --
 net-libs/webkit-gtk/files/2.38.5-gcc-13.patch     |  30 ---
 net-libs/webkit-gtk/webkit-gtk-2.38.5-r500.ebuild | 265 ----------------------
 4 files changed, 321 deletions(-)
Comment 3 Matt Turner gentoo-dev 2023-05-18 14:42:49 UTC
Other vulnerable versions dropped in

commit f2e39b35f2bc73494ab8e38c67240a45a868e27f
Author: Matt Turner <mattst88@gentoo.org>
Date:   Wed May 17 17:14:14 2023 -0400

    net-libs/webkit-gtk: Drop old versions
    
    Signed-off-by: Matt Turner <mattst88@gentoo.org>

 net-libs/webkit-gtk/Manifest                      |   1 -
 net-libs/webkit-gtk/webkit-gtk-2.38.5-r410.ebuild | 271 ----------------------
 net-libs/webkit-gtk/webkit-gtk-2.38.5.ebuild      | 261 ---------------------
 net-libs/webkit-gtk/webkit-gtk-2.40.0-r410.ebuild | 257 --------------------
 net-libs/webkit-gtk/webkit-gtk-2.40.0-r600.ebuild | 250 --------------------
 net-libs/webkit-gtk/webkit-gtk-2.40.0.ebuild      | 247 --------------------
 6 files changed, 1287 deletions(-)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-29 04:35:59 UTC
GLSA request filed.
Comment 5 Larry the Git Cow gentoo-dev 2023-05-30 03:05:32 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=a8dea8203b3b4b4cca0bdebe02a9a8ea505ae935

commit a8dea8203b3b4b4cca0bdebe02a9a8ea505ae935
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-30 03:01:57 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-05-30 03:05:03 +0000

    [ GLSA 202305-32 ] WebKitGTK+: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/871732
    Bug: https://bugs.gentoo.org/879571
    Bug: https://bugs.gentoo.org/888563
    Bug: https://bugs.gentoo.org/905346
    Bug: https://bugs.gentoo.org/905349
    Bug: https://bugs.gentoo.org/905351
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202305-32.xml | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-30 03:08:28 UTC
GLSA released, all done!