Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 919327 - net-libs/webkit-gtk: multiple vulnerabilities
Summary: net-libs/webkit-gtk: multiple vulnerabilities
Status: RESOLVED DUPLICATE of bug 919290
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://webkitgtk.org/security/WSA-20...
Whiteboard: A2 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2023-12-06 12:07 UTC by Christopher Fore
Modified: 2023-12-06 12:52 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Fore 2023-12-06 12:07:26 UTC 
CVE-2023-42916 (https://webkitgtk.org/security/WSA-2023-0011.html):

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1. 


CVE-2023-42917 (https://webkitgtk.org/security/WSA-2023-0011.html):

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.


The above are fixed in 2.42.3
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-12-06 12:15:09 UTC 

*** This bug has been marked as a duplicate of bug 919290 ***