CVE-2023-32359 (https://wpewebkit.org/security/WSA-2023-0010.html#CVE-2023-32359):

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver.

CVE-2023-41983 (https://wpewebkit.org/security/WSA-2023-0010.html#CVE-2023-41983):

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.

CVE-2023-42852 (https://wpewebkit.org/security/WSA-2023-0010.html#CVE-2023-42852):

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ba49d7c8bf7ef3433a36fbe3e23ff871c2bbcd77

commit ba49d7c8bf7ef3433a36fbe3e23ff871c2bbcd77
Author: Mart Raudsepp <leio@gentoo.org>
AuthorDate: 2023-12-24 15:07:00 +0000
Commit: Mart Raudsepp <leio@gentoo.org>
CommitDate: 2023-12-24 15:54:27 +0000

    net-libs/webkit-gtk: security cleanup

    Bug: https://bugs.gentoo.org/918667
    Bug: https://bugs.gentoo.org/919290
    Signed-off-by: Mart Raudsepp <leio@gentoo.org>

 net-libs/webkit-gtk/Manifest | 3 -
 ...ailure-when-gstreamer-support-is-disabled.patch | 33 ---
 net-libs/webkit-gtk/webkit-gtk-2.40.5-r410.ebuild | 264 ---------------------
 net-libs/webkit-gtk/webkit-gtk-2.40.5-r600.ebuild | 257 --------------------
 net-libs/webkit-gtk/webkit-gtk-2.40.5.ebuild | 254 --------------------
 net-libs/webkit-gtk/webkit-gtk-2.42.1-r410.ebuild | 262 ---------------------
 net-libs/webkit-gtk/webkit-gtk-2.42.1-r600.ebuild | 255 --------------------
 net-libs/webkit-gtk/webkit-gtk-2.42.1.ebuild | 252 --------------------
 net-libs/webkit-gtk/webkit-gtk-2.42.2-r410.ebuild | 262 ---------------------
 net-libs/webkit-gtk/webkit-gtk-2.42.2-r600.ebuild | 255 --------------------
 net-libs/webkit-gtk/webkit-gtk-2.42.2.ebuild | 252 --------------------
 11 files changed, 2349 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=4a07754d6de45c14716438f4a3e32fda6124b30f

commit 4a07754d6de45c14716438f4a3e32fda6124b30f
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-31 14:29:39 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-31 14:30:12 +0000

    [ GLSA 202401-33 ] WebKitGTK+: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/915222
    Bug: https://bugs.gentoo.org/918667
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-33.xml | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)