Headline
Ubuntu Security Notice USN-7079-1
Ubuntu Security Notice 7079-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
==========================================================================Ubuntu Security Notice USN-7079-1October 22, 2024webkit2gtk vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTSSummary:Several security issues were fixed in WebKitGTK.Software Description:- webkit2gtk: Web content engine library for GTK+Details:Several security issues were discovered in the WebKitGTK Web and JavaScriptengines. If a user were tricked into viewing a malicious website, a remoteattacker could exploit a variety of issues related to web browser security,including cross-site scripting attacks, denial of service attacks, andarbitrary code execution.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS libjavascriptcoregtk-4.1-0 2.46.1-0ubuntu0.24.04.1 libjavascriptcoregtk-6.0-1 2.46.1-0ubuntu0.24.04.1 libwebkit2gtk-4.1-0 2.46.1-0ubuntu0.24.04.1 libwebkitgtk-6.0-4 2.46.1-0ubuntu0.24.04.1Ubuntu 22.04 LTS libjavascriptcoregtk-4.0-18 2.46.1-0ubuntu0.22.04.3 libjavascriptcoregtk-4.1-0 2.46.1-0ubuntu0.22.04.3 libjavascriptcoregtk-6.0-1 2.46.1-0ubuntu0.22.04.3 libwebkit2gtk-4.0-37 2.46.1-0ubuntu0.22.04.3 libwebkit2gtk-4.1-0 2.46.1-0ubuntu0.22.04.3 libwebkitgtk-6.0-4 2.46.1-0ubuntu0.22.04.3This update uses a new upstream release, which includes additional bugfixes. After a standard system update you need to restart any applicationsthat use WebKitGTK, such as Epiphany, to make all the necessary changes.References: https://ubuntu.com/security/notices/USN-7079-1 CVE-2024-40866, CVE-2024-44187Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.46.1-0ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.46.1-0ubuntu0.22.04.3
Related news
Red Hat Security Advisory 2024-8180-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-8180-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.
Debian Linux Security Advisory 5792-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. Hafiizh and YoKo Kho discovered that visiting a malicious website may lead to address bar spoofing. Narendra Bhati discovered that a malicious website may exfiltrate data cross-origin.
Debian Linux Security Advisory 5792-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. Hafiizh and YoKo Kho discovered that visiting a malicious website may lead to address bar spoofing. Narendra Bhati discovered that a malicious website may exfiltrate data cross-origin.
Apple Security Advisory 09-16-2024-6 - Safari 18 addresses cross site scripting and spoofing vulnerabilities.
Apple Security Advisory 09-16-2024-6 - Safari 18 addresses cross site scripting and spoofing vulnerabilities.