Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-5618.NASL
HistoryFeb 09, 2024 - 12:00 a.m.

Debian dsa-5618 : gir1.2-javascriptcoregtk-4.0 - security update

2024-02-0900:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
debian 11
debian 12
security update
vulnerabilities
access restrictions
fingerprinting
memory handling
arbitrary code execution
type confusion
malicious webpage
nessus scanner

8.3 High

AI Score

Confidence

High

JSON

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5618 advisory.

  • An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user. (CVE-2024-23206)

  • The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution. (CVE-2024-23213)

  • A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited. (CVE-2024-23222)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dsa-5618. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(190343);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/13");

  script_cve_id("CVE-2024-23206", "CVE-2024-23213", "CVE-2024-23222");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2024/02/13");

  script_name(english:"Debian dsa-5618 : gir1.2-javascriptcoregtk-4.0 - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dsa-5618 advisory.

  - An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS
    17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A
    maliciously crafted webpage may be able to fingerprint the user. (CVE-2024-23206)

  - The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS
    17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content
    may lead to arbitrary code execution. (CVE-2024-23213)

  - A type confusion issue was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and
    iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS
    Monterey 12.7.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is
    aware of a report that this issue may have been exploited. (CVE-2024-23222)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bookworm/webkit2gtk");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/webkit2gtk");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-23206");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-23213");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2024-23222");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/webkit2gtk");
  script_set_attribute(attribute:"solution", value:
"Upgrade the gir1.2-javascriptcoregtk-4.0 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-23222");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-6.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gir1.2-webkit-6.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.1-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.1-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-6.0-1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-6.0-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-37");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.0-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.1-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwebkit2gtk-4.1-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwebkitgtk-6.0-4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libwebkitgtk-6.0-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:webkit2gtk-driver");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(11)\.[0-9]+|^(12)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0 / 12.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '11.0', 'prefix': 'gir1.2-javascriptcoregtk-4.0', 'reference': '2.42.5-1~deb11u1'},
    {'release': '11.0', 'prefix': 'gir1.2-webkit2-4.0', 'reference': '2.42.5-1~deb11u1'},
    {'release': '11.0', 'prefix': 'libjavascriptcoregtk-4.0-18', 'reference': '2.42.5-1~deb11u1'},
    {'release': '11.0', 'prefix': 'libjavascriptcoregtk-4.0-bin', 'reference': '2.42.5-1~deb11u1'},
    {'release': '11.0', 'prefix': 'libjavascriptcoregtk-4.0-dev', 'reference': '2.42.5-1~deb11u1'},
    {'release': '11.0', 'prefix': 'libwebkit2gtk-4.0-37', 'reference': '2.42.5-1~deb11u1'},
    {'release': '11.0', 'prefix': 'libwebkit2gtk-4.0-dev', 'reference': '2.42.5-1~deb11u1'},
    {'release': '11.0', 'prefix': 'libwebkit2gtk-4.0-doc', 'reference': '2.42.5-1~deb11u1'},
    {'release': '11.0', 'prefix': 'webkit2gtk-driver', 'reference': '2.42.5-1~deb11u1'},
    {'release': '12.0', 'prefix': 'gir1.2-javascriptcoregtk-4.0', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'gir1.2-javascriptcoregtk-4.1', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'gir1.2-javascriptcoregtk-6.0', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'gir1.2-webkit-6.0', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'gir1.2-webkit2-4.0', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'gir1.2-webkit2-4.1', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'libjavascriptcoregtk-4.0-18', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'libjavascriptcoregtk-4.0-bin', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'libjavascriptcoregtk-4.0-dev', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'libjavascriptcoregtk-4.1-0', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'libjavascriptcoregtk-4.1-dev', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'libjavascriptcoregtk-6.0-1', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'libjavascriptcoregtk-6.0-dev', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'libwebkit2gtk-4.0-37', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'libwebkit2gtk-4.0-dev', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'libwebkit2gtk-4.0-doc', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'libwebkit2gtk-4.1-0', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'libwebkit2gtk-4.1-dev', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'libwebkitgtk-6.0-4', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'libwebkitgtk-6.0-dev', 'reference': '2.42.5-1~deb12u1'},
    {'release': '12.0', 'prefix': 'webkit2gtk-driver', 'reference': '2.42.5-1~deb12u1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'gir1.2-javascriptcoregtk-4.0 / gir1.2-javascriptcoregtk-4.1 / etc');
}
VendorProductVersionCPE
debiandebian_linuxgir1.2-javascriptcoregtk-4.0p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.0
debiandebian_linuxgir1.2-javascriptcoregtk-4.1p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-4.1
debiandebian_linuxgir1.2-javascriptcoregtk-6.0p-cpe:/a:debian:debian_linux:gir1.2-javascriptcoregtk-6.0
debiandebian_linuxgir1.2-webkit-6.0p-cpe:/a:debian:debian_linux:gir1.2-webkit-6.0
debiandebian_linuxgir1.2-webkit2-4.0p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.0
debiandebian_linuxgir1.2-webkit2-4.1p-cpe:/a:debian:debian_linux:gir1.2-webkit2-4.1
debiandebian_linuxlibjavascriptcoregtk-4.0-18p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-18
debiandebian_linuxlibjavascriptcoregtk-4.0-binp-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-bin
debiandebian_linuxlibjavascriptcoregtk-4.0-devp-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.0-dev
debiandebian_linuxlibjavascriptcoregtk-4.1-0p-cpe:/a:debian:debian_linux:libjavascriptcoregtk-4.1-0
Rows per page:
1-10 of 231

Related

nessus 19
openvas 14
fedora 2
osv 3
debian 1
ubuntu 1
apple 9
prion 3
cve 3
redhatcve 3
debiancve 3
ubuntucve 3
cvelist 3
amazon 2
attackerkb 1
cisa_kev 1
hivepro 1
malwarebytes 1
talosblog 2
oraclelinux 1
redhat 2
almalinux 1
thn 3
mageia 1
nessus
nessus
Ubuntu 22.04 LTS / 23.10 : WebKitGTK vulnerabilities (USN-6631-1)
2024-02-12 00:00:00
Fedora 38 : webkitgtk (2024-ca3f071aea)
2024-02-11 00:00:00
Fedora 39 : webkitgtk (2024-97faaca23d)
2024-02-08 00:00:00
openvas
openvas
Fedora: Security Advisory for webkitgtk (FEDORA-2024-97faaca23d)
2024-02-09 00:00:00
Ubuntu: Security Advisory (USN-6631-1)
2024-02-13 00:00:00
Fedora: Security Advisory for webkitgtk (FEDORA-2024-ca3f071aea)
2024-02-12 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: webkitgtk-2.42.5-1.fc39
2024-02-09 01:27:52
[SECURITY] Fedora 38 Update: webkitgtk-2.42.5-1.fc38
2024-02-11 05:40:11
osv
osv
webkit2gtk - security update
2024-02-08 00:00:00
webkit2gtk vulnerabilities
2024-02-12 13:07:31
Important: webkit2gtk3 security update
2024-04-30 00:00:00
debian
debian
[SECURITY] [DSA 5618-1] webkit2gtk security update
2024-02-08 23:24:14
ubuntu
ubuntu
WebKitGTK vulnerabilities
2024-02-12 00:00:00
apple
apple
About the security content of Safari 17.3
2024-01-22 00:00:00
About the security content of iOS 16.7.5 and iPadOS 16.7.5
2024-01-22 00:00:00
About the security content of visionOS 1.0.2
2024-01-31 00:00:00
prion
prion
Code injection
2024-01-23 01:15:00
Design/Logic Flaw
2024-01-23 01:15:00
Type confusion
2024-01-23 01:15:00
cve
cve
CVE-2024-23213
2024-01-23 01:15:11
CVE-2024-23206
2024-01-23 01:15:10
CVE-2024-23222
2024-01-23 01:15:11
redhatcve
redhatcve
CVE-2024-23206
2024-03-15 22:37:45
CVE-2024-23213
2024-03-18 16:23:54
CVE-2024-23222
2024-01-24 12:25:02
debiancve
debiancve
CVE-2024-23206
2024-01-23 01:15:10
CVE-2024-23213
2024-01-23 01:15:11
CVE-2024-23222
2024-01-23 01:15:11
ubuntucve
ubuntucve
CVE-2024-23213
2024-01-23 00:00:00
CVE-2024-23206
2024-01-23 00:00:00
CVE-2024-23222
2024-01-23 00:00:00
cvelist
cvelist
CVE-2024-23213
2024-01-23 00:25:24
CVE-2024-23206
2024-01-23 00:25:22
CVE-2024-23222
2024-01-23 00:25:37
amazon
amazon
Important: webkitgtk4
2024-02-15 03:52:00
Important: webkitgtk4
2024-02-01 19:57:00
attackerkb
attackerkb
CVE-2024-23222
2024-01-23 00:00:00
cisa_kev
cisa_kev
Apple Multiple Products WebKit Type Confusion Vulnerability
2024-01-23 00:00:00
hivepro
hivepro
Apple Fixes First Actively Exploited Zero-day of 2024
2024-01-24 08:44:14
malwarebytes
malwarebytes
Update now! Apple releases patch for zero-day vulnerability
2024-01-24 10:37:20
talosblog
talosblog
Spyware isn’t going anywhere, and neither are its tactics
2024-02-08 19:00:53
Why is the cost of cyber insurance rising?
2024-01-25 19:00:35
oraclelinux
oraclelinux
webkit2gtk3 security update
2024-05-02 00:00:00
redhat
redhat
(RHSA-2024:2126) Important: webkit2gtk3 security update
2024-04-30 06:14:49
(RHSA-2023:4201) Important: webkit2gtk3 security update
2023-07-18 14:24:50
almalinux
almalinux
Important: webkit2gtk3 security update
2024-04-30 00:00:00
thn
thn
Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now
2024-01-23 01:30:00
CISA Warns of Active Exploitation Apple iOS and macOS Vulnerability
2024-02-01 05:02:00
Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws
2024-03-06 05:54:00
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2024-04-26 09:47:12

8.3 High

AI Score

Confidence

High

JSON
Related for DEBIAN_DSA-5618.NASL
nessus19openvas14fedora2osv3debian1ubuntu1apple9prion3cve3redhatcve3debiancve3ubuntucve3cvelist3amazon2attackerkb1cisa_kev1hivepro1malwarebytes1talosblog2oraclelinux1redhat2almalinux1thn3mageia1