Release security advisory WSA-2023-0012

_posts/2023-12-18-security-advisory-2023-0012.md

@@ -0,0 +1,38 @@
+---
+layout: post
+title: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0012
+permalink: /security/WSA-2023-0012.html
+tags: WSA
+---
+
+* Date Reported: **December 18, 2023**
+
+* Advisory ID: **WSA-2023-0012**
+
+* CVE identifiers: [CVE-2023-42883](#CVE-2023-42883), [CVE-2023-42890](#CVE-2023-42890).
+
+
+Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
+
+* <a name="CVE-2023-42883" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42883">CVE-2023-42883</a>
+  * Versions affected: WebKitGTK and WPE WebKit before 2.42.4.
+  * Credit to Zoom Offensive Security Team.
+  * Impact: Processing a SVG image may lead to a denial-of-service.
+    Description: The issue was addressed with improved memory handling.
+  * WebKit Bugzilla: 263349
+
+* <a name="CVE-2023-42890" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42890">CVE-2023-42890</a>
+  * Versions affected: WebKitGTK and WPE WebKit before 2.42.0.
+  * Credit to Pwn2car.
+  * Impact: Processing web content may lead to arbitrary code execution.
+    Description: The issue was addressed with improved memory handling.
+  * WebKit Bugzilla: 259830
+
+
+We recommend updating to the latest stable versions of WebKitGTK and WPE
+WebKit. It is the best way to ensure that you are running safe versions
+of WebKit. Please check our websites for information about the latest
+stable releases.
+
+Further information about WebKitGTK and WPE WebKit security advisories can be found at: 
+[https://webkitgtk.org/security.html](https://webkitgtk.org/security.html) or [https://wpewebkit.org/security/](https://wpewebkit.org/security/).