Michael Catanzaro

**Name of the Vulnerable Software and Affected Versions** SoupServer (affected versions not specified) **Description** A flaw exists in SoupServer related to improper handling of HTTP requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. This can lead to an HTTP request smuggling condition. An unauthenticated, remote client can exploit this by sending crafted requests, preventing SoupServer from properly closing connections as defined by RFC 9112. Successful exploitation allows an attacker to smuggle additional requests over the persistent connection, potentially resulting in unintended request processing and denial-of-service (DoS) conditions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNOME Epiphany versions prior to 41.4 GNOME Epiphany versions 42.x prior to 42.2 **Description** The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered, allowing an HTML document to trigger a client buffer overflow via a long page title. This happens in the `ephy string shorten` function within the UI process. **Recommendations** For GNOME Epiphany versions prior to 41.4, update to version 41.4 or later. For GNOME Epiphany versions 42.x prior to 42.2, update to version 42.2 or later. As a temporary workaround, consider restricting the use of long page titles until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WebKitGTK versions prior to 2.34.1 WPE WebKit versions prior to 2.34.1 **Description** The issue is related to insecure privilege management in WebKitGTK and WPE WebKit, allowing a remote attacker to impact the integrity of protected information. It involves a limited sandbox bypass, where a sandboxed process can trick host processes into thinking it is not confined by the sandbox. This is achieved by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. **Recommendations** For WebKitGTK versions prior to 2.34.1, update to version 2.34.1 or later. For WPE WebKit versions prior to 2.34.1, update to version 2.34.1 or later. As a temporary workaround, consider restricting access to the `BubblewrapLauncher.cpp` module until a patch is available.

Name of the Vulnerable Software and Affected Versions: GNOME libgda versions prior to 6.0.1 Description: The issue is related to the failure to enable TLS certificate verification on the SoupSessionSync objects created in gda-web-provider.c, making users susceptible to network man-in-the-middle (MITM) attacks. Recommendations: For versions prior to 6.0.1, update to version 6.0.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: GNOME libgfbgraph versions prior to 0.2.5 Description: The issue is related to the lack of TLS certificate verification in the SoupSessionSync objects created by gfbgraph-photo.c, making users susceptible to network man-in-the-middle (MITM) attacks. Recommendations: For versions prior to 0.2.5, update to version 0.2.5 or later to enable TLS certificate verification and prevent MITM attacks.

Name of the Vulnerable Software and Affected Versions: GNOME libzapojit versions prior to 0.0.4 Description: The issue arises from the failure to enable TLS certificate verification on the SoupSessionSync objects created in zpj-skydrive.c, making users susceptible to network man-in-the-middle (MITM) attacks. Recommendations: For versions prior to 0.0.4, update to version 0.0.4 or later to enable TLS certificate verification and prevent MITM attacks.

Name of the Vulnerable Software and Affected Versions: GNOME evolution-rss versions prior to 0.3.97 Description: The issue allows for network man-in-the-middle (MITM) attacks due to the lack of TLS certificate verification. This is caused by the failure to enable verification on the SoupSessionSync objects created in network-soup.c. Recommendations: For versions prior to 0.3.97, update to version 0.3.97 or later to enable TLS certificate verification and prevent MITM attacks.

Name of the Vulnerable Software and Affected Versions: GNOME grilo versions prior to 0.3.14 Description: The issue is related to the lack of TLS certificate verification in the SoupSessionAsync objects created by grl-net-wc.c, making users susceptible to network man-in-the-middle (MITM) attacks. Recommendations: For versions prior to 0.3.14, update to version 0.3.14 or later to enable TLS certificate verification and prevent MITM attacks.

**Name of the Vulnerable Software and Affected Versions** WebKitGTK and WPE WebKit versions prior to 2.24.1 **Description** The issue is related to the incorrect handling of data when loading video in real-time, which can allow a remote attacker to gain unauthorized access to protected information. This is due to the failure to properly apply configured HTTP proxy settings when downloading livestream video, resulting in deanonymization. **Recommendations** For versions prior to 2.24.1, update to version 2.24.1 or later to resolve the issue. As a temporary workaround, consider restricting access to livestream video downloads until the update is applied.

**Name of the Vulnerable Software and Affected Versions** WebKitGTK+ versions 2.20.0 through 2.20.1 **Description** The issue is related to the libsoup network backend of WebKit, specifically in the WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp file. It failed to perform TLS certificate verification for WebSocket connections. **Recommendations** For WebKitGTK+ versions 2.20.0 and 2.20.1, consider updating to a version that includes the fix for this issue, as the current versions do not properly verify TLS certificates for WebSocket connections. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNOME Web (Epiphany) versions 3.23 before 3.23.5 GNOME Web (Epiphany) versions 3.22 before 3.22.6 GNOME Web (Epiphany) versions 3.20 before 3.20.7 GNOME Web (Epiphany) versions 3.18 before 3.18.11 GNOME Web (Epiphany) versions prior to 3.18 **Description** The issue allows for a password manager sweep attack, resulting in the remote exfiltration of stored passwords for a selected set of websites. **Recommendations** For versions 3.23 before 3.23.5, update to version 3.23.5 or later. For versions 3.22 before 3.22.6, update to version 3.22.6 or later. For versions 3.20 before 3.20.7, update to version 3.20.7 or later. For versions 3.18 before 3.18.11, update to version 3.18.11 or later. For versions prior to 3.18, update to version 3.18 or later.

**Name of the Vulnerable Software and Affected Versions** Shotwell version 0.22.0 **Description** The issue is related to a TLS/SSL certification validation flaw, which could lead to man-in-the-middle attacks. **Recommendations** For version 0.22.0, update to a newer version that includes a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libgrss versions prior to 0.7.1 **Description** The issue is related to the failure of libgrss to perform TLS certificate verification when downloading feeds. This is due to the default behavior of SoupSessionSync, allowing remote attackers to manipulate feed contents without detection. The vulnerability can be exploited by a remote attacker to impact data integrity. **Recommendations** For libgrss versions prior to 0.7.1, update to version 0.7.1 or later to resolve the issue. As a temporary workaround, consider disabling the use of SoupSessionSync until a patch is available. Restrict access to feeds from untrusted sources to minimize the risk of exploitation.