Skip to content

Commit

Permalink
Release security advisory WSA-2023-0009
Browse files Browse the repository at this point in the history
  • Loading branch information
clopez committed Sep 28, 2023
1 parent 0b2152f commit 9b35b52
Showing 1 changed file with 74 additions and 0 deletions.
74 changes: 74 additions & 0 deletions _posts/2023-09-28-security-advisory-2023-0009.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
---
layout: post
title: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0009
permalink: /security/WSA-2023-0009.html
tags: WSA
---

* Date Reported: **September 28, 2023**

* Advisory ID: **WSA-2023-0009**

* CVE identifiers: [CVE-2023-39928](#CVE-2023-39928), [CVE-2023-35074](#CVE-2023-35074),
[CVE-2023-39434](#CVE-2023-39434), [CVE-2023-40451](#CVE-2023-40451),
[CVE-2023-41074](#CVE-2023-41074), [CVE-2023-41993](#CVE-2023-41993).


Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

* <a name="CVE-2023-39928" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39928">CVE-2023-39928</a>
* Versions affected: WebKitGTK and WPE WebKit before 2.42.0.
* Credit to Marcin 'Icewall' Noga of Cisco Talos.
* A use-after-free vulnerability exists in the MediaRecorder API of
the WebKit GStreamer-based ports (WebKitGTK and WPE WebKit). A
specially crafted web page can abuse this vulnerability to cause
memory corruption and potentially arbitrary code execution. A user
would need to to visit a malicious webpage to trigger this
vulnerability. WebKit Bugzilla: 260649.

* <a name="CVE-2023-35074" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35074">CVE-2023-35074</a>
* Versions affected: WebKitGTK and WPE WebKit before 2.40.0.
* Credit to Abysslab Dong Jun Kim(@smlijun) and Jong Seong
Kim(@nevul37).
* Impact: Processing web content may lead to arbitrary code execution.
Description: The issue was addressed with improved memory handling.

* <a name="CVE-2023-39434" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39434">CVE-2023-39434</a>
* Versions affected: WebKitGTK and WPE WebKit before 2.40.5.
* Credit to Francisco Alonso (@revskills), and Dohyun Lee (@l33d0hyun)
of PK Security.
* Impact: Processing web content may lead to arbitrary code execution.
Description: A use-after-free issue was addressed with improved
memory management.

* <a name="CVE-2023-40451" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40451">CVE-2023-40451</a>
* Versions affected: WebKitGTK and WPE WebKit before 2.40.5.
* Credit to an anonymous researcher.
* Impact: An attacker with JavaScript execution may be able to execute
arbitrary code. Description: This issue was addressed with improved
iframe sandbox enforcement.

* <a name="CVE-2023-41074" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41074">CVE-2023-41074</a>
* Versions affected: WebKitGTK and WPE WebKit before 2.42.0.
* Credit to 이준성(Junsung Lee) of Cross Republic and me Li.
* Impact: Processing web content may lead to arbitrary code execution.
Description: The issue was addressed with improved checks.

* <a name="CVE-2023-41993" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41993">CVE-2023-41993</a>
* Versions affected: WebKitGTK and WPE WebKit before 2.42.1.
* Credit to Bill Marczak of The Citizen Lab at The University of
Toronto's Munk School and Maddie Stone of Google's Threat Analysis
Group.
* Impact: Processing web content may lead to arbitrary code execution.
Apple is aware of a report that this issue may have been actively
exploited. Description: The issue was addressed with improved
checks.


We recommend updating to the latest stable versions of WebKitGTK and WPE
WebKit. It is the best way to ensure that you are running safe versions
of WebKit. Please check our websites for information about the latest
stable releases.

Further information about WebKitGTK and WPE WebKit security advisories can be found at:
[https://webkitgtk.org/security.html](https://webkitgtk.org/security.html) or [https://wpewebkit.org/security/](https://wpewebkit.org/security/).

0 comments on commit 9b35b52

Please sign in to comment.