LibXSLT and Webkit2GTK updates for Debian 11 LTS

Debian 10371 Published by

Debian GNU/Linux 11 LTS has been updated with two security updates for libxslt and webkit2gtk:

[DSA 5884-1] libxslt security update
[DSA 5885-1] webkit2gtk security update




[SECURITY] [DSA 5884-1] libxslt security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5884-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 23, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxslt
CVE ID : CVE-2024-55549 CVE-2025-24855
Debian Bug : 1100565 1100566

Ivan Fratric discovered two use-after-free vulnerabilities in libxslt,
an XSLT processing runtime library, which may result in the execution of
arbitrary code if a specially crafted files are processed.

For the stable distribution (bookworm), these problems have been fixed in
version 1.1.35-1+deb12u1.

We recommend that you upgrade your libxslt packages.

For the detailed security status of libxslt please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/libxslt

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


[SECURITY] [DSA 5885-1] webkit2gtk security update


- -------------------------------------------------------------------------
Debian Security Advisory DSA-5885-1 security@debian.org
https://www.debian.org/security/ Alberto Garcia
March 23, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : webkit2gtk
CVE ID : CVE-2024-44192 CVE-2024-54467 CVE-2025-24201

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2024-44192

Tashita Software Security discovered that processing maliciously
crafted web content may lead to an unexpected process crash.

CVE-2024-54467

Narendra Bhati discovered that a malicious website may exfiltrate
data cross-origin.

CVE-2025-24201

Apple discovered that maliciously crafted web content may be able
to break out of Web Content sandbox.

For the stable distribution (bookworm), these problems have been fixed in
version 2.48.0-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

NLTK update for Ubuntu

GAMEMAX N90 Mid-Tower Chassis Review and more

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.org  I ...