Monday, January 15, 2024

[USN-6582-1] WebKitGTK vulnerability

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmWlTRIACgkQZWnYVadE
vpMJhg//TXy87bzGurUGJAoM2uXuXLNkEdUX2VY3mtklu2Ttd/FmXz/8utVJ6RF6
JoCcyBzpGCyU1uNwnT+gJRQVu9Gf2289F4Vmre0OtW0KOK8+elFO+pefjp9AHeUk
Asprx49PME8pZOmx1ax+U7SW0bY8XPM2W4ydiPBCqEfSB5FB7iF4MCPR1UgB+LhO
hN7swfo8EK5Ez3qVWWQQX/PH4S3XBoj5k2o2XbLIHU3z7yDA1jTAL3LTn4jvIS+C
CMEweT8MJNfNWov0UEYq5yMhKcbVaSaYaB9c4olCXaaSQwV5E2nf3PQKD55gZ1Mi
1toCz3C40s1/XwRwTkPXMWbPteX58B5l1m22h124iWPwCBDJLSu+S/ITZSomeFl0
7JX+rMEtSN03UkV3aZk+CZxH4Fo+Vq3LNPlDhJb17DsPFmg4dYExQ1PSMHa819L1
JpaQtB/hszlmrTQv61i+3xGYFZgZ75GkugS2zndFkZOdCG1aINTNbWQ4IbBnSJWz
PX+Tpk3hrsfQbU9/6bziqXfIKX0vm8UiXUEpxKVnMIN48YFdBPECjDOiGU0QU97h
q32kBav4XlU+y7+WgSfVSsbTMKnzUs3DLyGWBUDU29lPLqeDbuh2XwU420iM7zAQ
Xgalv8Sfz+E4KW3yNuGYS/y3fx5Ob0h2a0h/l1/mWS6CnLToGHw=
=bPnL
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6582-1
January 15, 2024

webkit2gtk vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in WebKitGTK.

Software Description:
- webkit2gtk: Web content engine library for GTK+

Details:

Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
libjavascriptcoregtk-4.0-18 2.42.4-0ubuntu0.23.10.1
libjavascriptcoregtk-4.1-0 2.42.4-0ubuntu0.23.10.1
libjavascriptcoregtk-6.0-1 2.42.4-0ubuntu0.23.10.1
libwebkit2gtk-4.0-37 2.42.4-0ubuntu0.23.10.1
libwebkit2gtk-4.1-0 2.42.4-0ubuntu0.23.10.1
libwebkitgtk-6.0-4 2.42.4-0ubuntu0.23.10.1

Ubuntu 23.04:
libjavascriptcoregtk-4.0-18 2.42.4-0ubuntu0.23.04.1
libjavascriptcoregtk-4.1-0 2.42.4-0ubuntu0.23.04.1
libjavascriptcoregtk-6.0-1 2.42.4-0ubuntu0.23.04.1
libwebkit2gtk-4.0-37 2.42.4-0ubuntu0.23.04.1
libwebkit2gtk-4.1-0 2.42.4-0ubuntu0.23.04.1
libwebkitgtk-6.0-4 2.42.4-0ubuntu0.23.04.1

Ubuntu 22.04 LTS:
libjavascriptcoregtk-4.0-18 2.42.4-0ubuntu0.22.04.1
libjavascriptcoregtk-4.1-0 2.42.4-0ubuntu0.22.04.1
libjavascriptcoregtk-6.0-1 2.42.4-0ubuntu0.22.04.1
libwebkit2gtk-4.0-37 2.42.4-0ubuntu0.22.04.1
libwebkit2gtk-4.1-0 2.42.4-0ubuntu0.22.04.1
libwebkitgtk-6.0-4 2.42.4-0ubuntu0.22.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6582-1
CVE-2023-42883

Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.42.4-0ubuntu0.23.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.42.4-0ubuntu0.23.04.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.42.4-0ubuntu0.22.04.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)