Debian 10225 Published by

Updated Chromium and WebKit2GTK packages are available for Debian GNU/Linux:

[DSA 5617-1] chromium security update
[DSA 5618-1] webkit2gtk security update



[DSA 5617-1] chromium security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5617-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
February 08, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2024-1283 CVE-2024-1284

Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.

For the stable distribution (bookworm), these problems have been fixed in
version 121.0.6167.160-1~deb12u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[DSA 5618-1] webkit2gtk security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5618-1 security@debian.org
https://www.debian.org/security/ Alberto Garcia
February 08, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : webkit2gtk
CVE ID : CVE-2024-23206 CVE-2024-23213 CVE-2024-23222

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2024-23206

An anonymous researcher discovered that a maliciously crafted
webpage may be able to fingerprint the user.

CVE-2024-23213

Wangtaiyu discovered that processing web content may lead to
arbitrary code execution.

CVE-2024-23222

Apple discovered that processing maliciously crafted web content
may lead to arbitrary code execution. Apple is aware of a report
that this issue may have been exploited.

For the oldstable distribution (bullseye), these problems have been fixed
in version 2.42.5-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in
version 2.42.5-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/