From: Alberto Garcia
Newsgroups: linux.debian.announce.security
Subject: [SECURITY] [DSA 5309-1] wpewebkit security update
Date: Sat, 31 Dec 2022 01:50:01 +0100
X-Debian: PGP check passed for security officers
List-Archive: https://lists.debian.org/msgid-search/Y6+FoAx93O7VY/2z@seger.debian.org
-------------------------------------------------------------------------
Debian Security Advisory DSA-5309-1                   security@debian.org
https://www.debian.org/security/                           Alberto Garcia
December 31, 2022                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : wpewebkit
CVE ID         : CVE-2022-42852 CVE-2022-42856 CVE-2022-42867 CVE-2022-46692
                 CVE-2022-46698 CVE-2022-46699 CVE-2022-46700

The following vulnerabilities have been discovered in the WPE WebKit
web engine:

CVE-2022-42852

    hazbinhotel discovered that processing maliciously crafted web
    content may result in the disclosure of process memory.

CVE-2022-42856

    Clement Lecigne discovered that processing maliciously crafted web
    content may lead to arbitrary code execution.

CVE-2022-42867

    Maddie Stone discovered that processing maliciously crafted web
    content may lead to arbitrary code execution.

CVE-2022-46692

    KirtiKumar Anandrao Ramchandani discovered that processing
    maliciously crafted web content may bypass Same Origin Policy.

CVE-2022-46698

    Dohyun Lee and Ryan Shin discovered that processing maliciously
    crafted web content may disclose sensitive user information.

CVE-2022-46699

    Samuel Gross discovered that processing maliciously crafted web
    content may lead to arbitrary code execution.

CVE-2022-46700

    Samuel Gross discovered that processing maliciously crafted web
    content may lead to arbitrary code execution.

For the stable distribution (bullseye), these problems have been fixed in
version 2.38.3-1~deb11u1.

We recommend that you upgrade your wpewebkit packages.

For the detailed security status of wpewebkit please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wpewebkit

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org