Ubuntu Security Notice 6842-1 - It was discovered that gdb incorrectly handled certain memory operations when parsing an ELF file. An attacker could possibly use this issue to cause a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. This issue only affected Ubuntu 22.04 LTS. It was discovered that gdb incorrectly handled memory, leading to a heap-based buffer overflow. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.
6e5de4834e3a280deea1fc2358e98e78dfa33394d8ea2735107c8c05ed51dafd
Ubuntu Security Notice 6544-1 - It was discovered that GNU binutils incorrectly handled certain COFF files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU binutils was not properly performing bounds checks in several functions, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
9f2d15cd39eb8aa25961b37f885531e1ac117b562c6ee00429e116f924ee59f1
Red Hat Security Advisory 2023-7394-01 - An update for binutils is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a null pointer vulnerability.
46970c8469ddba80ca17ba60c89e56c1547502aa32725b53826c71afd9cab02e
Red Hat Security Advisory 2023-6593-01 - An update for binutils is now available for Red Hat Enterprise Linux 9. Issues addressed include a null pointer vulnerability.
7a09aa07f9f63c58027888c2722808e5f6a6aabbf723e45f017d87300be92a8d
Red Hat Security Advisory 2023-6236-01 - An update for binutils is now available for Red Hat Enterprise Linux 8. Issues addressed include a null pointer vulnerability.
6159a177bdaeacd45d6c19f682a3b8650a38b16ed2d90f990212796a624405f6
Gentoo Linux Security Advisory 202309-15 - Multiple vulnerabilities have been found in GNU Binutils, the worst of which could result in denial of service. Versions greater than or equal to 2.40 are affected.
86ddcc309764b6b66059868311e9f0b2422e461c8da2f228600256baa9c81ff0
Gentoo Linux Security Advisory 202305-32 - Multiple vulnerabilities have been found in WebkitGTK+, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2.40.1 are affected.
906ab1ece4af058a436e7f776c3157d7dbe079d880f2fc7014b44b4ea3fab838
Red Hat Security Advisory 2023-3269-01 - The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Issues addressed include buffer overflow and null pointer vulnerabilities.
a289180fa7285e4d383b228c646180c2d4e702f9b90480dcf8cd3802e8af9b79
Red Hat Security Advisory 2023-2834-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities.
6a679e9dc0d3212115b238f42e43baea6a5e8542be4f1c84823386414d8836cb
Red Hat Security Advisory 2023-2873-01 - The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Issues addressed include a null pointer vulnerability.
2511429317e75ef67435d655c0c9a8627cffcaa58f29c2dd01de3bac59fa5fe3
Red Hat Security Advisory 2023-2256-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include buffer overflow, bypass, code execution, information leakage, out of bounds write, and use-after-free vulnerabilities.
c78b6b040671645ff6447422206821720744b5b0c57d3fee6c3de3b6593dcdbb
Apple Security Advisory 2023-01-23-3 - iOS 12.5.7 addresses a code execution vulnerability.
ca20c54235d1a4f84eeec3a278849a37e4ef1d9e2f491eaed9b3aa083fde48a7
On newer macOS/iOS versions, entitlements in binary signature blobs are stored in the DER format. libCoreEntitlements.dylib is the userspace library for parsing and querying such entitlements. The kernel has its own version of this library inside the AppleMobileFileIntegrity module. libCoreEntitlements exposes several functions, for example to convert entitlements to a dictionary representation (e.g. CEQueryContextToCFDictionary) or to query a specific entitlement (CEContextQuery). Unfortunately, different functions traverse the DER structure in subtly different ways, which allows one API to see one set of entitlements and another API to see a different set.
9313c983a56ba7500d8b9861b16b1c103ae3a9454de12a836126f89cec59a1b8
Ubuntu Security Notice 5797-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
7d038cf5cf0d352110b29efd7ebf03b7f41defff9ed3da1235cfdddef29584cd
Red Hat Security Advisory 2023-0021-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.
380feba1edc129a40491caee760575dd2da40706caf7f32c9ef7e91807e7c062
Red Hat Security Advisory 2023-0016-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.
856ff1b00766475f24b08c50c63bdd2842a0f41702c155c94a49b75d00a796f3
Debian Linux Security Advisory 5309-1 - Vulnerabilities have been discovered in the WPE WebKit web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Dohyun Lee and Ryan Shin discovered that processing maliciously crafted web content may disclose sensitive user information. Various other issues have also been addressed.
b6a4ddff8422c104447a74d4cd2afa4b8991b2e496ca694ad77acf12e52cc9e6
Debian Linux Security Advisory 5308-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. hazbinhotel discovered that processing maliciously crafted web content may result in the disclosure of process memory. Maddie Stone discovered that processing maliciously crafted web content may lead to arbitrary code execution. KirtiKumar Anandrao Ramchandani discovered that processing maliciously crafted web content may bypass Same Origin Policy. Multiple other issues were also addressed.
14928aa1c41eb7f7fba504e112497c87923df5cb9caf334ac3fa7072e2ab78aa
Apple Security Advisory 2022-12-13-9 - Safari 16.2 addresses bypass, code execution, and use-after-free vulnerabilities.
87491cf833b3a49e10aa9918314bf6489321d8e04cec6939d195cb3f70c77dc2
Apple Security Advisory 2022-12-13-8 - watchOS 9.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.
cbfa8ceb09614901b4b0bb05115fb58ae50c3fb04ef6395b18e75c81436f174b
Apple Security Advisory 2022-12-13-7 - tvOS 16.2 addresses bypass, code execution, integer overflow, out of bounds write, spoofing, and use-after-free vulnerabilities.
74ff4e02487d4bc615b6697e750a64c98e8fc416e7a5b739eed037fe127f069f
Apple Security Advisory 2022-12-13-5 - macOS Monterey 12.6.2 addresses bypass, code execution, and integer overflow vulnerabilities.
79a709b247d426bc8ab1d7a71fb6c94fddc8ffaba7db1441df2a880027444228
Apple Security Advisory 2022-12-13-4 - macOS Ventura 13.1 addresses bypass, code execution, out of bounds access, out of bounds write, spoofing, and use-after-free vulnerabilities.
b3bbef4a98914d0e5167d5e357e15f513f9d357c6df7cfdad446ecc8856061ac
Apple Security Advisory 2022-12-13-3 - iOS 16.1.2 addresses a code execution vulnerability.
3b5d9bba95f3634a64c2835668e5a726e2c51758bd9516987236fb25666d5d7f
Apple Security Advisory 2022-12-13-2 - iOS 15.7.2 and iPadOS 15.7.2 address bypass, code execution, integer overflow, out of bounds write, and spoofing vulnerabilities.
e526cdedd8ce35da09dee49922c773c4c21c09a4f4ffb9a56567d00adb6def9c