QID 356402
Date Published: 2023-10-19
QID 356402: Amazon Linux Security Advisory for webkitgtk4 : ALAS2-2023-2270
a use-after-free issue was addressed with improved memory management.
This issue is fixed in ios 16.4 and ipados 16.4, macos ventura 13.3.
Processing web content may lead to arbitrary code execution. (
( CVE-2023-28198) a logic issue was addressed with improved validation.
This issue is fixed in macos ventura 13.3.
Content security policy to block domains with wildcards may fail. (
( CVE-2023-32370) a flaw was found in webkitgtk.
This issue occurs when processing malicious web content, which may lead to arbitrary code execution. (
( CVE-2023-32393) the issue was addressed with improved checks.
This issue is fixed in ios 15.7.8 and ipados 15.7.8, ios 16.6 and ipados 16.6, tvos 16.6, macos ventura 13.5, safari 16.6, watchos 9.6.
Processing web content may disclose sensitive information. (
( CVE-2023-38133) the issue was addressed with improved checks.
A website may be able to bypass same origin policy. (
( CVE-2023-38572) a logic issue was addressed with improved restrictions.
This issue is fixed in ios 16.6 and ipados 16.6, watchos 9.6, tvos 16.6, macos ventura 13.5.
( CVE-2023-38592) the issue was addressed with improved checks.
( CVE-2023-38594) the issue was addressed with improved checks.
This issue is fixed in ios 16.6 and ipados 16.6, tvos 16.6, macos ventura 13.5, safari 16.6, watchos 9.6.
Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.
- ALAS2-2023-2270 -
alas.aws.amazon.com/AL2/ALAS-2023-2270.html
CVEs related to QID 356402
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ALAS2-2023-2270 | amazon linux 2 |
alas.aws.amazon.com/AL2/ALAS-2023-2270.html |