<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsa id= "202401-33" >
<title > WebKitGTK+: Multiple Vulnerabilities</title>
<synopsis > Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to remote code execution.</synopsis>
<product type= "ebuild" > webkit-gtk</product>
<announced > 2024-01-31</announced>
<revised count= "1" > 2024-01-31</revised>
<bug > 915222</bug>
<bug > 918667</bug>
<bug > 920667</bug>
<access > remote</access>
<affected >
<package name= "net-libs/webkit-gtk" auto= "yes" arch= "*" >
<unaffected range= "ge" slot= "4" > 2.42.2</unaffected>
<unaffected range= "ge" slot= "4.1" > 2.42.2</unaffected>
<unaffected range= "ge" slot= "6" > 2.42.2</unaffected>
<vulnerable range= "lt" slot= "4" > 2.42.2</vulnerable>
<vulnerable range= "lt" slot= "4.1" > 2.42.2</vulnerable>
<vulnerable range= "lt" slot= "6" > 2.42.2</vulnerable>
</package>
</affected>
<background >
<p > WebKitGTK+ is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.</p>
</background>
<description >
<p > Multiple vulnerabilities have been discovered in WebKitGTK+. Please review the CVE identifiers referenced below for details.</p>
</description>
<impact type= "high" >
<p > Please review the referenced CVE identifiers for details.</p>
</impact>
<workaround >
<p > There is no known workaround at this time.</p>
</workaround>
<resolution >
<p > All WebKitGTK+ users should upgrade to the latest version:</p>
<code >
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.42.2"
</code>
</resolution>
<references >
<uri link= "https://nvd.nist.gov/vuln/detail/CVE-2023-32359" > CVE-2023-32359</uri>
<uri link= "https://nvd.nist.gov/vuln/detail/CVE-2023-35074" > CVE-2023-35074</uri>
<uri link= "https://nvd.nist.gov/vuln/detail/CVE-2023-39434" > CVE-2023-39434</uri>
<uri link= "https://nvd.nist.gov/vuln/detail/CVE-2023-39928" > CVE-2023-39928</uri>
<uri link= "https://nvd.nist.gov/vuln/detail/CVE-2023-40451" > CVE-2023-40451</uri>
<uri link= "https://nvd.nist.gov/vuln/detail/CVE-2023-41074" > CVE-2023-41074</uri>
<uri link= "https://nvd.nist.gov/vuln/detail/CVE-2023-41983" > CVE-2023-41983</uri>
<uri link= "https://nvd.nist.gov/vuln/detail/CVE-2023-41993" > CVE-2023-41993</uri>
<uri link= "https://nvd.nist.gov/vuln/detail/CVE-2023-42852" > CVE-2023-42852</uri>
<uri link= "https://nvd.nist.gov/vuln/detail/CVE-2023-42890" > CVE-2023-42890</uri>
<uri link= "https://webkitgtk.org/security/WSA-2023-0009.html" > WSA-2023-0009</uri>
</references>
<metadata tag= "requester" timestamp= "2024-01-31T14:29:39.449978Z" > graaff</metadata>
<metadata tag= "submitter" timestamp= "2024-01-31T14:29:39.452391Z" > graaff</metadata>
</glsa>