Webkit2GTK, SimpleSAMLphp, Needrestart updates for Debian

Debian 10242 Published by

Debian GNU/Linux has received various security updates, including updates for webkit2gtk, simplesamlphp, and a needrestart regression update:

Debian GNU/Linux 8 (Jessie), 9 (Stretch), and 10 (Buster) Extended LTS:
ELA-1238-2 needrestart regression update

Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1266-1 simplesamlphp security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 3982-1] webkit2gtk security update




[SECURITY] [DLA 3982-1] webkit2gtk security update


- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3982-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
December 03, 2024 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : webkit2gtk
Version : 2.46.4-1~deb11u1
CVE ID : CVE-2024-44308 CVE-2024-44309

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2024-44308

Clement Lecigne and Benoit Sevens discovered that processing
maliciously crafted web content may lead to arbitrary code
execution. Apple is aware of a report that this issue may have
been actively exploited on Intel-based Mac systems.

CVE-2024-44309

Clement Lecigne and Benoit Sevens discovered that processing
maliciously crafted web content may lead to a cross site scripting
attack. Apple is aware of a report that this issue may have been
actively exploited on Intel-based Mac systems.

For Debian 11 bullseye, these problems have been fixed in version
2.46.4-1~deb11u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



ELA-1266-1 simplesamlphp security update

Package : simplesamlphp
Version : 1.16.3-1+deb10u3 (buster)

Related CVEs :
CVE-2024-52596
CVE-2024-52806

It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0
protocol, is prone to XML external entity (XXE) vulnerabilities when loading
(untrusted) XML documents or parsing SAML messages.

ELA-1266-1 simplesamlphp security update


ELA-1238-2 needrestart regression update

Package : needrestart
Version : 1.2-8+deb8u4 (jessie), 2.11-3+deb9u4 (stretch), 3.4-5+deb10u3 (buster)

Related CVEs :
CVE-2024-48991

The update for needrestart announced as ELA 1228-1 introduced a
regression, reporting false positives for processes running in chroot or
mountns. Updated packages are now available to correct this issue.

ELA-1238-2 needrestart regression update

HAProxy Update for Ubuntu

LibXL Update for Qubes OS

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...