{"id":"MGASA-2023-0177","summary":"Updated webkit2 packages fix security vulnerability","details":"HTML document may be able to render iframes with sensitive user\ninformation (CVE-2022-0108)\nmaliciously crafted web content may lead to arbitrary code execution.\n(CVE-2022-32885)\nuse-after-free vulnerability exists in WebCore::RenderLayer. This issue\nallows remote attackers to execute arbitrary code or cause a denial of\nservice (memory corruption and application crash) via a crafted web site.\n(CVE-2023-25358)\nmaliciously crafted web content may bypass Same Origin Policy\n(CVE-2023-27932)\nWebsite may be able to track sensitive user information. Description: The\nissue was addressed by removing origin information. (CVE-2023-27954)\nmaliciously crafted web content may lead to arbitrary code execution\n(CVE-2023-28205)\n","modified":"2026-01-31T15:30:29.153733Z","published":"2023-05-21T08:42:44Z","related":["CVE-2022-0108","CVE-2022-32885","CVE-2023-25358","CVE-2023-27932","CVE-2023-27954","CVE-2023-28205"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0177.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=31854"},{"type":"REPORT","url":"https://webkitgtk.org/security/WSA-2023-0003.html"},{"type":"REPORT","url":"https://webkitgtk.org/2023/04/20/webkitgtk2.38.6-released.html"}],"affected":[{"package":{"name":"webkit2","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/webkit2?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.38.6-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0177.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}