Headline
Ubuntu Security Notice USN-6631-1
Ubuntu Security Notice 6631-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
==========================================================================
Ubuntu Security Notice USN-6631-1
February 12, 2024

webkit2gtk vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in WebKitGTK.

Software Description:

- webkit2gtk: Web content engine library for GTK+

Details:

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10:
  libjavascriptcoregtk-4.0-18  2.42.5-0ubuntu0.23.10.2
  libjavascriptcoregtk-4.1-0   2.42.5-0ubuntu0.23.10.2
  libjavascriptcoregtk-6.0-1   2.42.5-0ubuntu0.23.10.2
  libwebkit2gtk-4.0-37         2.42.5-0ubuntu0.23.10.2
  libwebkit2gtk-4.1-0          2.42.5-0ubuntu0.23.10.2
  libwebkitgtk-6.0-4           2.42.5-0ubuntu0.23.10.2

Ubuntu 22.04 LTS:
  libjavascriptcoregtk-4.0-18  2.42.5-0ubuntu0.22.04.2
  libjavascriptcoregtk-4.1-0   2.42.5-0ubuntu0.22.04.2
  libjavascriptcoregtk-6.0-1   2.42.5-0ubuntu0.22.04.2
  libwebkit2gtk-4.0-37         2.42.5-0ubuntu0.22.04.2
  libwebkit2gtk-4.1-0          2.42.5-0ubuntu0.22.04.2
  libwebkitgtk-6.0-4           2.42.5-0ubuntu0.22.04.2

This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6631-1
  CVE-2024-23206, CVE-2024-23213, CVE-2024-23222

Package Information:
  https://launchpad.net/ubuntu/+source/webkit2gtk/2.42.5-0ubuntu0.23.10.2
  https://launchpad.net/ubuntu/+source/webkit2gtk/2.42.5-0ubuntu0.22.04.2
Related news
Red Hat Security Advisory 2024-9679-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-9653-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Gentoo Linux Security Advisory 202407-13 - Multiple vulnerabilities have been discovered in WebKitGTK+, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 2.44.0:4 are affected.
Debian Linux Security Advisory 5618-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user. Wangtaiyu discovered that processing web content may lead to arbitrary code execution. Apple discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.
For their part, the U.S. did roll out new restrictions on the visas of any foreign individuals who misuse commercial spyware.
Apple Security Advisory 02-02-2024-1 - visionOS 1.0.2 addresses a code execution vulnerability.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2022-48618 (CVSS score: 7.8), concerns a bug in the kernel component. "An attacker with
Apple Security Advisory 01-22-2024-9 - tvOS 17.3 addresses code execution vulnerabilities.
Apple Security Advisory 01-22-2024-8 - watchOS 10.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-6 - macOS Ventura 13.6.4 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-5 - macOS Sonoma 14.3 addresses bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-3 - iOS 16.7.5 and iPadOS 16.7.5 address code execution vulnerabilities.
Apple Security Advisory 01-22-2024-2 - iOS 17.3 and iPadOS 17.3 address bypass and code execution vulnerabilities.
Apple Security Advisory 01-22-2024-1 - Safari 17.3 addresses code execution vulnerabilities.
Apple has released new security updates for several products including a patch for a zero-day vulnerability which may have been exploited.