Advisories ยป MGASA-2023-0177

Updated webkit2 packages fix security vulnerability

Publication date: 21 May 2023
Modification date: 21 May 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-0108 , CVE-2022-32885 , CVE-2023-25358 , CVE-2023-27932 , CVE-2023-27954 , CVE-2023-28205

Description

HTML document may be able to render iframes with sensitive user
information (CVE-2022-0108)
maliciously crafted web content may lead to arbitrary code execution.
(CVE-2022-32885)
use-after-free vulnerability exists in WebCore::RenderLayer. This issue
allows remote attackers to execute arbitrary code or cause a denial of
service (memory corruption and application crash) via a crafted web site.
(CVE-2023-25358)
maliciously crafted web content may bypass Same Origin Policy
(CVE-2023-27932)
Website may be able to track sensitive user information. Description: The
issue was addressed by removing origin information. (CVE-2023-27954)
maliciously crafted web content may lead to arbitrary code execution
(CVE-2023-28205)
                

References

SRPMS

8/core