Headline
Ubuntu Security Notice USN-7113-1
Ubuntu Security Notice 7113-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
==========================================================================
Ubuntu Security Notice USN-7113-1
November 18, 2024
webkit2gtk vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
libjavascriptcoregtk-4.1-0 2.46.3-0ubuntu0.24.10.1
libjavascriptcoregtk-6.0-1 2.46.3-0ubuntu0.24.10.1
libwebkit2gtk-4.1-0 2.46.3-0ubuntu0.24.10.1
libwebkitgtk-6.0-4 2.46.3-0ubuntu0.24.10.1
Ubuntu 24.04 LTS
libjavascriptcoregtk-4.1-0 2.46.3-0ubuntu0.24.04.1
libjavascriptcoregtk-6.0-1 2.46.3-0ubuntu0.24.04.1
libwebkit2gtk-4.1-0 2.46.3-0ubuntu0.24.04.1
libwebkitgtk-6.0-4 2.46.3-0ubuntu0.24.04.1
Ubuntu 22.04 LTS
libjavascriptcoregtk-4.0-18 2.46.3-0ubuntu0.22.04.1
libjavascriptcoregtk-4.1-0 2.46.3-0ubuntu0.22.04.1
libjavascriptcoregtk-6.0-1 2.46.3-0ubuntu0.22.04.1
libwebkit2gtk-4.0-37 2.46.3-0ubuntu0.22.04.1
libwebkit2gtk-4.1-0 2.46.3-0ubuntu0.22.04.1
libwebkitgtk-6.0-4 2.46.3-0ubuntu0.22.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7113-1
CVE-2024-44244, CVE-2024-44296
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.46.3-0ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.46.3-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.46.3-0ubuntu0.22.04.1
Related news
Red Hat Security Advisory 2024-9680-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-9653-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-9637-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Debian Linux Security Advisory 5804-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher, Q1IQ (@q1iqF) and P1umer discovered that processing maliciously crafted web content may lead to an unexpected process crash. Narendra Bhati discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Debian Linux Security Advisory 5804-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher, Q1IQ (@q1iqF) and P1umer discovered that processing maliciously crafted web content may lead to an unexpected process crash. Narendra Bhati discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced.
Apple Security Advisory 10-29-2024-1 - Safari 18.1 addresses an information leakage vulnerability.
Apple Security Advisory 10-29-2024-1 - Safari 18.1 addresses an information leakage vulnerability.
Apple Security Advisory 10-28-2024-8 - visionOS 2.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-8 - visionOS 2.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-7 - tvOS 18.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-7 - tvOS 18.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-6 - watchOS 11.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-6 - watchOS 11.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-3 - macOS Sequoia 15.1 addresses bypass, information leakage, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-3 - macOS Sequoia 15.1 addresses bypass, information leakage, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-2 - iOS 17.7.1 and iPadOS 17.7.1 addresses buffer overflow, information leakage, and out of bounds read vulnerabilities.
Apple Security Advisory 10-28-2024-1 - iOS 18.1 and iPadOS 18.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.
Apple Security Advisory 10-28-2024-1 - iOS 18.1 and iPadOS 18.1 addresses information leakage, out of bounds read, and use-after-free vulnerabilities.