Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 918099 (CVE-2023-28198, CVE-2023-32370) - <net-libs/webkit-gtk-2.40.1: multiple vulnerabilities
Summary: <net-libs/webkit-gtk-2.40.1: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2023-28198, CVE-2023-32370
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major
Assignee: Gentoo Security
URL: https://webkitgtk.org/security/WSA-20...
Whiteboard: A2 [glsa+]
Keywords:
Depends on:
Blocks:
 
Reported: 2023-11-23 18:32 UTC by John Helmert III
Modified: 2024-01-05 13:03 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-23 18:32:43 UTC
According to WSA-2023-0008:

CVE-2023-28198
    Versions affected: WebKitGTK and WPE WebKit before 2.40.1.
    Credit to hazbinhotel working with Trend Micro Zero Day Initiative.
    Impact: Processing web content may lead to arbitrary code execution.
    Description: A use-after-free issue was addressed with improved
    memory management.

CVE-2023-32370
    Versions affected: WebKitGTK and WPE WebKit before 2.40.1.
    Credit to Gertjan Franken of imec-DistriNet, KU Leuven.
    Impact: Content Security Policy to block domains with wildcards may
    fail. Description: A logic issue was addressed with improved
    validation.
Comment 1 Larry the Git Cow gentoo-dev 2024-01-05 13:01:21 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=a3a0841120687c62c97e02dfd392564da420eec4

commit a3a0841120687c62c97e02dfd392564da420eec4
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-05 13:00:45 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-05 13:01:13 +0000

    [ GLSA 202401-04 ] WebKitGTK+: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/907818
    Bug: https://bugs.gentoo.org/909663
    Bug: https://bugs.gentoo.org/910656
    Bug: https://bugs.gentoo.org/918087
    Bug: https://bugs.gentoo.org/918099
    Bug: https://bugs.gentoo.org/919290
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-04.xml | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)