Release security advisory WSA-2023-0011

_posts/2023-12-05-security-advisory-2023-0011.md

@@ -0,0 +1,42 @@
+---
+layout: post
+title: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0011
+permalink: /security/WSA-2023-0011.html
+tags: WSA
+---
+
+* Date Reported: **December 05, 2023**
+
+* Advisory ID: **WSA-2023-0011**
+
+* CVE identifiers: [CVE-2023-42916](#CVE-2023-42916), [CVE-2023-42917](#CVE-2023-42917).
+
+
+Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.
+
+* <a name="CVE-2023-42916" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42916">CVE-2023-42916</a>
+  * Versions affected: WebKitGTK and WPE WebKit before 2.42.3.
+  * Credit to Clément Lecigne of Google's Threat Analysis Group.
+  * Impact: Processing web content may disclose sensitive information.
+    Apple is aware of a report that this issue may have been actively
+    exploited. Description: An out-of-bounds read was addressed with
+    improved input validation.
+  * WebKit Bugzilla: 265041
+
+* <a name="CVE-2023-42917" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42917">CVE-2023-42917</a>
+  * Versions affected: WebKitGTK and WPE WebKit before 2.42.3.
+  * Credit to Clément Lecigne of Google's Threat Analysis Group.
+  * Impact: Processing web content may lead to arbitrary code execution.
+    Apple is aware of a report that this issue may have been actively
+    exploited. Description: A memory corruption vulnerability was
+    addressed with improved locking.
+  * WebKit Bugzilla: 265067
+
+
+We recommend updating to the latest stable versions of WebKitGTK and WPE
+WebKit. It is the best way to ensure that you are running safe versions
+of WebKit. Please check our websites for information about the latest
+stable releases.
+
+Further information about WebKitGTK and WPE WebKit security advisories can be found at: 
+[https://webkitgtk.org/security.html](https://webkitgtk.org/security.html) or [https://wpewebkit.org/security/](https://wpewebkit.org/security/).