Arch Linux Security Advisory ASA-202505-3
=========================================
Severity: High
Date    : 2025-05-18
CVE-ID  : CVE-2023-42875 CVE-2023-42970
Package : webkit2gtk
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2869
Summary
=======
The package webkit2gtk before version 2.48.2-1 is vulnerable to
arbitrary code execution.
Resolution
==========
Upgrade to 2.48.2-1.
# pacman -Syu "webkit2gtk>=2.48.2-1"
The problems have been fixed upstream in version 2.48.2.
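To verify that a system already carries this fix, as an added example that is not Arch's or pacman's own code: a simplified re-implementation of vercmp's epoch:pkgver-pkgrel ordering, applied to constructed `pacman -Q webkit2gtk` output lines and compared against the 2.48.2-1 threshold from this advisory.

```python
"""Check whether an installed webkit2gtk carries the ASA-202505-3 fix.

Simplified version ordering modelled on pacman's vercmp: numeric segments
compare numerically, alphabetic segments lexically, and a numeric segment
beats an alphabetic one. Suffix corner cases of the real vercmp (such as
"1.0a" < "1.0") are deliberately not reproduced here.
"""
import re

FIXED_VERSION = "2.48.2-1"   # fixed version stated in the advisory
PACKAGE = "webkit2gtk"

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def _segments(text):
    """'2.48.2' -> [(1, 2), (1, 48), (1, 2)]; letters become (0, 'rc')."""
    return [(1, int(t)) if t.isdigit() else (0, t) for t in _SEGMENT.findall(text)]


def version_key(version):
    """Sortable key for 'epoch:pkgver-pkgrel'; epoch and pkgrel default to 0."""
    epoch = 0
    if ":" in version:
        epoch_text, version = version.split(":", 1)
        epoch = int(epoch_text)
    pkgver, _, pkgrel = version.partition("-")
    return (epoch, _segments(pkgver), _segments(pkgrel or "0"))


def is_fixed(installed, fixed=FIXED_VERSION):
    """True when the installed version satisfies >= fixed (pacman semantics)."""
    return version_key(installed) >= version_key(fixed)


def check_pacman_q(lines, package=PACKAGE, fixed=FIXED_VERSION):
    """Evaluate `pacman -Q <package>` output lines; returns {version: fixed?}."""
    result = {}
    for line in lines:
        parts = line.split()
        if len(parts) == 2 and parts[0] == package:
            result[parts[1]] = is_fixed(parts[1], fixed)
    return result


# Constructed sample lines, not output from a real system.
SAMPLE_LINES = [
    "webkit2gtk 2.48.1-1",       # still vulnerable
    "webkit2gtk 2.48.2-1",       # exactly the fixed version
    "webkit2gtk 2.48.10-1",      # numeric compare: 10 > 2, fixed
    "webkit2gtk 1:2.40.0-1",     # an epoch outranks pkgver, so pacman treats it as newer
    "webkitgtk-6.0 2.48.2-1",    # different package, ignored
]

if __name__ == "__main__":
    for version, ok in check_pacman_q(SAMPLE_LINES).items():
        print(f"{PACKAGE} {version}: {'fixed' if ok else 'VULNERABLE'}")
```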
Workaround
==========
None.
Description
===========
- CVE-2023-42875 (arbitrary code execution)
Processing malicious web content can cause a use-after-free issue due
to improper memory handling and result in arbitrary code execution. The
issue was addressed with improved memory handling.
- CVE-2023-42970 (arbitrary code execution)
Processing malicious web content can cause a use-after-free issue due
to improper memory management and result in arbitrary code execution.
Impact
======
A remote attacker could craft malicious web content that exploits use-
after-free vulnerabilities in WPE WebKit, potentially leading to
arbitrary code execution. This can compromise the confidentiality,
integrity, and availability of affected systems, especially those
rendering untrusted web content through WPE WebKit.
References
==========
https://webkitgtk.org/security/WSA-2025-0004.html
https://wpewebkit.org/security/WSA-2025-0004.html
https://webkitgtk.org/security/WSA-2025-0004.html#CVE-2023-42875
https://wpewebkit.org/security/WSA-2025-0004.html#CVE-2023-42875
https://webkitgtk.org/security/WSA-2025-0004.html#CVE-2023-42970
https://wpewebkit.org/security/WSA-2025-0004.html#CVE-2023-42970
https://security.archlinux.org/CVE-2023-42875
https://security.archlinux.org/CVE-2023-42970