Headline
Ubuntu Security Notice USN-5561-1
Ubuntu Security Notice 5561-1 - It was discovered that GNOME Web incorrectly filtered certain strings. A remote attacker could use this issue to perform cross-site scripting attacks. This issue only affected Ubuntu 20.04 LTS. It was discovered that GNOME Web incorrectly handled certain long page titles. A remote attacker could use this issue to cause GNOME Web to crash, resulting in a denial of service, or possibly execute arbitrary code.
==========================================================================Ubuntu Security Notice USN-5561-1August 10, 2022epiphany-browser vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in GNOME Web.Software Description:- epiphany-browser: Intuitive GNOME web browserDetails:It was discovered that GNOME Web incorrectly filtered certain strings. Aremote attacker could use this issue to perform cross-site scripting (XSS)attacks. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-45085,CVE-2021-45086, CVE-2021-45087)It was discovered that GNOME Web incorrectly handled certain long pagetitles. A remote attacker could use this issue to cause GNOME Web to crash,resulting in a denial of service, or possibly execute arbitrary code.(CVE-2022-29536)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS: epiphany-browser 42.1-1ubuntu1Ubuntu 20.04 LTS: epiphany-browser 3.36.4-0ubuntu2After a standard system update you need to restart GNOME Web to make allthe necessary changes.References: https://ubuntu.com/security/notices/USN-5561-1 CVE-2021-45085, CVE-2021-45086, CVE-2021-45087, CVE-2022-29536Package Information: https://launchpad.net/ubuntu/+source/epiphany-browser/42.1-1ubuntu1 https://launchpad.net/ubuntu/+source/epiphany-browser/3.36.4-0ubuntu2
Related news
Gentoo Linux Security Advisory 202405-27 - A vulnerability has been discovered in Epiphany, which can lead to a buffer overflow. Versions greater than or equal to 42.4 are affected.
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.