From 9b35b526c7f01c01de59d5d5a16ea5f3f86e1879 Mon Sep 17 00:00:00 2001 From: Carlos Alberto Lopez Perez Date: Thu, 28 Sep 2023 14:29:36 +0100 Subject: [PATCH] Release security advisory WSA-2023-0009 --- .../2023-09-28-security-advisory-2023-0009.md | 74 +++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 _posts/2023-09-28-security-advisory-2023-0009.md diff --git a/_posts/2023-09-28-security-advisory-2023-0009.md b/_posts/2023-09-28-security-advisory-2023-0009.md new file mode 100644 index 000000000..1d78c6129 --- /dev/null +++ b/_posts/2023-09-28-security-advisory-2023-0009.md @@ -0,0 +1,74 @@ +--- +layout: post +title: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0009 +permalink: /security/WSA-2023-0009.html +tags: WSA +--- + +* Date Reported: **September 28, 2023** + +* Advisory ID: **WSA-2023-0009** + +* CVE identifiers: [CVE-2023-39928](#CVE-2023-39928), [CVE-2023-35074](#CVE-2023-35074), + [CVE-2023-39434](#CVE-2023-39434), [CVE-2023-40451](#CVE-2023-40451), + [CVE-2023-41074](#CVE-2023-41074), [CVE-2023-41993](#CVE-2023-41993). + + +Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. + +* CVE-2023-39928 + * Versions affected: WebKitGTK and WPE WebKit before 2.42.0. + * Credit to Marcin 'Icewall' Noga of Cisco Talos. + * A use-after-free vulnerability exists in the MediaRecorder API of + the WebKit GStreamer-based ports (WebKitGTK and WPE WebKit). A + specially crafted web page can abuse this vulnerability to cause + memory corruption and potentially arbitrary code execution. A user + would need to to visit a malicious webpage to trigger this + vulnerability. WebKit Bugzilla: 260649. + +* CVE-2023-35074 + * Versions affected: WebKitGTK and WPE WebKit before 2.40.0. + * Credit to Abysslab Dong Jun Kim(@smlijun) and Jong Seong + Kim(@nevul37). + * Impact: Processing web content may lead to arbitrary code execution. + Description: The issue was addressed with improved memory handling. + +* CVE-2023-39434 + * Versions affected: WebKitGTK and WPE WebKit before 2.40.5. + * Credit to Francisco Alonso (@revskills), and Dohyun Lee (@l33d0hyun) + of PK Security. + * Impact: Processing web content may lead to arbitrary code execution. + Description: A use-after-free issue was addressed with improved + memory management. + +* CVE-2023-40451 + * Versions affected: WebKitGTK and WPE WebKit before 2.40.5. + * Credit to an anonymous researcher. + * Impact: An attacker with JavaScript execution may be able to execute + arbitrary code. Description: This issue was addressed with improved + iframe sandbox enforcement. + +* CVE-2023-41074 + * Versions affected: WebKitGTK and WPE WebKit before 2.42.0. + * Credit to 이준성(Junsung Lee) of Cross Republic and me Li. + * Impact: Processing web content may lead to arbitrary code execution. + Description: The issue was addressed with improved checks. + +* CVE-2023-41993 + * Versions affected: WebKitGTK and WPE WebKit before 2.42.1. + * Credit to Bill Marczak of The Citizen Lab at The University of + Toronto's Munk School and Maddie Stone of Google's Threat Analysis + Group. + * Impact: Processing web content may lead to arbitrary code execution. + Apple is aware of a report that this issue may have been actively + exploited. Description: The issue was addressed with improved + checks. + + +We recommend updating to the latest stable versions of WebKitGTK and WPE +WebKit. It is the best way to ensure that you are running safe versions +of WebKit. Please check our websites for information about the latest +stable releases. + +Further information about WebKitGTK and WPE WebKit security advisories can be found at: +[https://webkitgtk.org/security.html](https://webkitgtk.org/security.html) or [https://wpewebkit.org/security/](https://wpewebkit.org/security/).