
=====================================================================

                             CERT-Renater

                  Information Note No. 2023/VULN049

_____________________________________________________________________

DATE                : 03/02/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running WebKitGTK, WPE WebKit versions
                     prior to 2.38.4.

=====================================================================
https://webkitgtk.org/security/WSA-2023-0001.html
_____________________________________________________________________

------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory                 WSA-2023-0001
------------------------------------------------------------------------

Date reported           : February 02, 2023
Advisory ID             : WSA-2023-0001
WebKitGTK Advisory URL  : https://webkitgtk.org/security/WSA-2023-0001.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2023-0001.html
CVE identifiers         : CVE-2023-23517, CVE-2023-23518,
                           CVE-2022-42826.

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

CVE-2023-23517
     Versions affected: WebKitGTK and WPE WebKit before 2.38.4.
     Credit to YeongHyeon Choi (@hyeon101010), Hyeon Park
     (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn
     (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun)
     of Team ApplePIE.
     Impact: Processing maliciously crafted web content may lead to
     arbitrary code execution.
     Description: The issue was addressed with improved memory
     handling.

CVE-2023-23518
     Versions affected: WebKitGTK and WPE WebKit before 2.38.4.
     Credit to YeongHyeon Choi (@hyeon101010), Hyeon Park
     (@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn
     (@_ZeroSung), JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun)
     of Team ApplePIE.
     Impact: Processing maliciously crafted web content may lead to
     arbitrary code execution.
     Description: The issue was addressed with improved memory
     handling.

CVE-2022-42826
     Versions affected: WebKitGTK and WPE WebKit before 2.38.4.
     Credit to Francisco Alonso (@revskills).
     Impact: Processing maliciously crafted web content may lead to
     arbitrary code execution.
     Description: A use after free issue was addressed with improved
     memory management.


We recommend updating to the latest stable versions of WebKitGTK and
WPE WebKit. It is the best way to ensure that you are running safe
versions of WebKit. Please check our websites for information about
the latest stable releases.

Further information about WebKitGTK and WPE WebKit security advisories
can be found at: https://webkitgtk.org/security.html or
https://wpewebkit.org/security/.

The WebKitGTK and WPE WebKit team,
February 02, 2023

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================


