Security Advisory Details

NS-SA-2025-0160

2025-07-25 16:49:52

Synopsis

important: webkitgtk security update

Severity

important

Topic

An update for webkitgtk is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Detailed Description

webkitgtk:


Security Fix(es):
webkitgtk: A flaw was found in WebKit that may allow a remote attacker to conduct spoofing attacks by exploiting an inconsistent user interface issue. By tricking a victim into visiting a specially crafted website, the attacker could perform address bar spoofing. (CVE-2023-42843)
webkitgtk: A vulnerability was found in WebKitGTK. This flaw allows a remote attacker to trigger arbitrary code execution by persuading a victim to visit a specially crafted website. (CVE-2024-23213)
webkitgtk: A vulnerability was found in WebKit. When processing web content, it may lead to arbitrary code execution. (CVE-2023-28198)
webkitgtk: A vulnerability was found in WebKit. A logic issue was addressed with improved validation. (CVE-2023-32370)
webkitgtk: A flaw was found in WebKitGTK, which exists due to excessive data output in WebKit Process Model. This issue occurs when processing malicious web content, which may lead to sensitive information disclosure to unauthorized attackers. (CVE-2023-38133)
webkitgtk: A flaw was found in WebKitGTK. This flaw exists due to an error when handling the Same Origin Policy. A remote attacker can bypass Same Origin Policy restrictions. (CVE-2023-38572)
webkitgtk: A flaw was found in WebKitGTK. This issue occurs when processing malicious web content, which may lead to arbitrary code execution. (CVE-2023-38592)
webkitgtk: A flaw was found in WebKitGTK. This issue occurs when processing malicious web content, which may lead to arbitrary code execution. (CVE-2023-38594)
webkitgtk: A flaw was found in WebKitGTK. This issue occurs when processing malicious web content, which may lead to arbitrary code execution. (CVE-2023-38595)
webkitgtk: A flaw was found in WebKitGTK. This issue occurs when processing malicious web content, which may lead to arbitrary code execution. (CVE-2023-38597)
webkitgtk: A flaw was found in WebKitGTK, which exists due to a logic issue in WebKit related to a user's privacy. A remote attacker may be able to track sensitive user information. (CVE-2023-38599)
webkitgtk: A flaw was found in WebKitGTK. This issue occurs when processing malicious web content, which may lead to arbitrary code execution. (CVE-2023-38600)
webkitgtk: A flaw was found in WebKitGTK. This issue occurs when processing malicious web content, which may lead to arbitrary code execution. (CVE-2023-38611)
webkitgtk: A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary JavaScript code execution. (CVE-2023-40397)
webkitgtk: A use-after-free vulnerability was found in WebKitGTK's MediaRecorder API that may lead to memory corruption and remote code execution. The victim needs to access a malicious web page to trigger this vulnerability. (CVE-2023-39928)
webkitgtk: The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. (CVE-2023-41074)
webkitgtk: A vulnerability was found in WebKitGTK. This issue occurs when processing web content, which may lead to arbitrary code execution. (CVE-2023-41993)
webkitgtk: A vulnerability in WebKitGTK and WPE WebKit may result in a denial of service when processing web content. This issue arises from improper memory handling, which could be exploited by attackers to crash the affected systems. (CVE-2023-41983)
webkitgtk: A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content, which may lead to arbitrary code execution. (CVE-2023-32439)
webkitgtk: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.

Affected Components

  • webkitgtk

Affected Products

  • CGSL MAIN 7.02

Updated Packages

Product: CGSL MAIN 7.02

Source package:

  • webkitgtk-2.42.3-1.zncgsl7.5.src.rpm

Binary packages:

  • webkitgtk6.0-devel-2.42.3-1.zncgsl7.5.x86_64.rpm
  • webkit2gtk4.1-devel-2.42.3-1.zncgsl7.5.x86_64.rpm
  • webkit2gtk4.1-2.42.3-1.zncgsl7.5.x86_64.rpm
  • webkit2gtk4.0-2.42.3-1.zncgsl7.5.x86_64.rpm
  • webkitgtk6.0-2.42.3-1.zncgsl7.5.x86_64.rpm
  • javascriptcoregtk4.1-devel-2.42.3-1.zncgsl7.5.x86_64.rpm
  • javascriptcoregtk6.0-devel-2.42.3-1.zncgsl7.5.x86_64.rpm
  • javascriptcoregtk4.0-2.42.3-1.zncgsl7.5.x86_64.rpm
  • javascriptcoregtk6.0-2.42.3-1.zncgsl7.5.x86_64.rpm
  • javascriptcoregtk4.1-2.42.3-1.zncgsl7.5.x86_64.rpm

CVE

References