ISN 2023-31: WebKit Vulnerabilities
Updated 11 January 2024 (corrected OS 12 fix version)
First published 22 November 2023
CVSS 3.1: 8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Security vulnerabilities have been found in the WebKit browser engine used in IGEL OS. This affects the following IGEL products:
- IGEL OS 12
- IGEL OS 11
Details
A vulnerability in WebKit potentially allows a remote attacker to execute arbitrary code through web content. This is tracked as CVE-2023-42852 and rated high. A second issue, also triggered by web content, can lead to denial of service (CVE-2023-41983, medium).
Update Instructions
- OS 12: Update to base system app version 12.3.1 (available 6 February)
- OS 11: Update to version 11.09.150 (available 6 December)
References
- CVE-2023-42852: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42852
- CVE-2023-41983: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41983