
=====================================================================

                               CERT-Renater

                    Information Note No. 2023/VULN203

_____________________________________________________________________

DATE                : 01/06/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running WebKitGTK, WPE WebKit versions
                       prior to 2.40.2.

=====================================================================
https://webkitgtk.org/security/WSA-2023-0004.html
https://wpewebkit.org/security/WSA-2023-0004.html
_____________________________________________________________________

------------------------------------------------------------------------
WebKitGTK and WPE WebKit Security Advisory                 WSA-2023-0004
------------------------------------------------------------------------

Date reported           : May 30, 2023
Advisory ID             : WSA-2023-0004
WebKitGTK Advisory URL  : https://webkitgtk.org/security/WSA-2023-0004.html
WPE WebKit Advisory URL : https://wpewebkit.org/security/WSA-2023-0004.html
CVE identifiers         : CVE-2023-28204, CVE-2023-32373.

Several vulnerabilities were discovered in WebKitGTK and WPE WebKit.

CVE-2023-28204
     Versions affected: WebKitGTK and WPE WebKit before 2.40.2.
     Credit to an anonymous researcher.
     Impact: Processing web content may disclose sensitive information.
     Apple is aware of a report that this issue may have been actively
     exploited.
     Description: An out-of-bounds read was addressed with improved
     input validation.

CVE-2023-32373
     Versions affected: WebKitGTK and WPE WebKit before 2.40.2.
     Credit to an anonymous researcher.
     Impact: Processing maliciously crafted web content may lead to
     arbitrary code execution. Apple is aware of a report that this
     issue may have been actively exploited.
     Description: A use-after-free issue was addressed with improved
     memory management.


We recommend updating to the latest stable versions of WebKitGTK
and WPE WebKit. It is the best way to ensure that you are running
safe versions of WebKit. Please check our websites for information
about the latest stable releases.

Further information about WebKitGTK and WPE WebKit security
advisories can be found at: https://webkitgtk.org/security.html
or https://wpewebkit.org/security/.


The WebKitGTK and WPE WebKit team,
May 30, 2023
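
A version check against the fixed release named in this advisory, as an added example (not part of the advisory or of the WebKit project's tooling). It assumes pkg-config is available and that the development files for the listed API series are installed; the function names are illustrative.

```sh
#!/bin/sh
# Added example: compare installed WebKitGTK / WPE WebKit versions with the
# first fixed release named in WSA-2023-0004.
FIXED="2.40.2"

# version_lt A B: succeed when dotted numeric version A is older than B.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# classify VERSION: print "vulnerable", "fixed" or "unknown".
# Anything that is not a plain dotted number is reported as unknown, not guessed.
classify() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown ;;
        *) if version_lt "$1" "$FIXED"; then echo vulnerable; else echo fixed; fi ;;
    esac
}

# scan_installed: query pkg-config for each API series (module names assume
# the development files are installed); return 1 if any series is vulnerable.
scan_installed() {
    rc=0
    command -v pkg-config >/dev/null 2>&1 || {
        echo "pkg-config not found; nothing checked" >&2; return 0; }
    for mod in webkit2gtk-4.0 webkit2gtk-4.1 webkitgtk-6.0 \
               wpe-webkit-1.0 wpe-webkit-1.1 wpe-webkit-2.0; do
        ver=$(pkg-config --modversion "$mod" 2>/dev/null) || continue
        state=$(classify "$ver")
        printf '%-16s %-10s %s\n' "$mod" "$ver" "$state"
        if [ "$state" = vulnerable ]; then rc=1; fi
    done
    return $rc
}

scan_installed || echo "Update to $FIXED or later (WSA-2023-0004)." >&2
```

On hosts that carry only the runtime libraries, take the version from the package manager and pass it to `classify` instead.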


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================

