Headline
Ubuntu Security Notice USN-6732-1
Ubuntu Security Notice 6732-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
==========================================================================
Ubuntu Security Notice USN-6732-1
April 15, 2024

webkit2gtk vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in WebKitGTK.

Software Description:
- webkit2gtk: Web content engine library for GTK+

Details:

Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  libjavascriptcoregtk-4.0-18   2.44.0-0ubuntu0.23.10.1
  libjavascriptcoregtk-4.1-0    2.44.0-0ubuntu0.23.10.1
  libjavascriptcoregtk-6.0-1    2.44.0-0ubuntu0.23.10.1
  libwebkit2gtk-4.0-37          2.44.0-0ubuntu0.23.10.1
  libwebkit2gtk-4.1-0           2.44.0-0ubuntu0.23.10.1
  libwebkitgtk-6.0-4            2.44.0-0ubuntu0.23.10.1

Ubuntu 22.04 LTS:
  libjavascriptcoregtk-4.0-18   2.44.0-0ubuntu0.22.04.1
  libjavascriptcoregtk-4.1-0    2.44.0-0ubuntu0.22.04.1
  libjavascriptcoregtk-6.0-1    2.44.0-0ubuntu0.22.04.1
  libwebkit2gtk-4.0-37          2.44.0-0ubuntu0.22.04.1
  libwebkit2gtk-4.1-0           2.44.0-0ubuntu0.22.04.1
  libwebkitgtk-6.0-4            2.44.0-0ubuntu0.22.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6732-1
  CVE-2023-42843, CVE-2023-42950, CVE-2023-42956, CVE-2024-23252,
  CVE-2024-23254, CVE-2024-23263, CVE-2024-23280, CVE-2024-23284

Package Information:
  https://launchpad.net/ubuntu/+source/webkit2gtk/2.44.0-0ubuntu0.23.10.1
  https://launchpad.net/ubuntu/+source/webkit2gtk/2.44.0-0ubuntu0.22.04.1
Related news
Gentoo Linux Security Advisory 202407-13 - Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 2.44.0:4 are affected.
Debian Linux Security Advisory 5684-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. Kacper Kwapisz discovered that visiting a malicious website may lead to address bar spoofing. Nan Wang and Rushikesh Nandedkar discovered that processing maliciously crafted web content may lead to arbitrary code execution. SungKwon Lee discovered that processing web content may lead to a denial-of-service. Various other issues were also addressed.
Apple Security Advisory 03-07-2024-7 - visionOS 1.1 addresses buffer overflow, bypass, code execution, and out of bounds read vulnerabilities.
Apple Security Advisory 03-07-2024-6 - tvOS 17.4 addresses buffer overflow, bypass, and code execution vulnerabilities.
Apple Security Advisory 03-07-2024-5 - watchOS 10.4 addresses buffer overflow, bypass, and code execution vulnerabilities.