The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2023-38133 YeongHyeon Choi discovered that processing web content may disclose sensitive information. CVE-2023-38572 Narendra Bhati discovered that a website may be able to bypass the Same Origin Policy. CVE-2023-38592 Narendra Bhati, Valentino Dalla Valle, Pedro Bernardo, Marco Squarcina, and Lorenzo Veronese discovered that processing web content may lead to arbitrary code execution. CVE-2023-38594 Yuhao Hu discovered that processing web content may lead to arbitrary code execution. CVE-2023-38595 An anonymous researcher, Jiming Wang, and Jikai Ren discovered that processing web content may lead to arbitrary code execution. CVE-2023-38597 Junsung Lee discovered that processing web content may lead to arbitrary code execution. CVE-2023-38599 Hritvik Taneja, Jason Kim, Jie Jeff Xu, Stephan van Schaik, Daniel Genkin, and Yuval Yarom discovered that a website may be able to track sensitive user information. CVE-2023-38600 An anonymous researcher discovered that processing web content may lead to arbitrary code execution. CVE-2023-38611 Francisco Alonso discovered that processing web content may lead to arbitrary code execution. For the oldstable distribution (bullseye), these problems have been fixed in version 2.40.5-1~deb11u1. For the stable distribution (bookworm), these problems have been fixed in version 2.40.5-1~deb12u1. We recommend that you upgrade your webkit2gtk packages. For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk
The following vulnerabilities have been discovered in the WebKitGTK web engine:
YeongHyeon Choi discovered that processing web content may disclose sensitive information.
Narendra Bhati discovered that a website may be able to bypass the Same Origin Policy.
Narendra Bhati, Valentino Dalla Valle, Pedro Bernardo, Marco Squarcina, and Lorenzo Veronese discovered that processing web content may lead to arbitrary code execution.
Yuhao Hu discovered that processing web content may lead to arbitrary code execution.
An anonymous researcher, Jiming Wang, and Jikai Ren discovered that processing web content may lead to arbitrary code execution.
Junsung Lee discovered that processing web content may lead to arbitrary code execution.
Hritvik Taneja, Jason Kim, Jie Jeff Xu, Stephan van Schaik, Daniel Genkin, and Yuval Yarom discovered that a website may be able to track sensitive user information.
An anonymous researcher discovered that processing web content may lead to arbitrary code execution.
Francisco Alonso discovered that processing web content may lead to arbitrary code execution.
For the oldstable distribution (bullseye), these problems have been fixed in version 2.40.5-1~deb11u1.
For the stable distribution (bookworm), these problems have been fixed in version 2.40.5-1~deb12u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk