Updated 11 January 2024 (corrected OS 12 fix version)
First published 22 November 2023
CVSS 3.1: 8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Security vulnerabilities have been found in the Webkit browser engine used in IGEL OS. This affects the following IGEL products:
IGEL OS 12
IGEL OS 11
Details
A vulnerability in Webkit allows a remote attacker to potentially execute arbitrary code using web content. This is tracked as CVE-2023-42852 and rated high. As second issue can lead to denial of service and is also triggered by web content (CVE-2023-41983, medium).
Update Instructions
OS 12: Update to base system app version 12.3.1 (available 6 February)
OS 11: Update to version 11.09.150 (available 6 December)