==========================================================================
Ubuntu Security Notice USN-4331-1
April 20, 2020
webkit2gtk vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 19.10
– Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
– webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.10:
libjavascriptcoregtk-4.0-18 2.28.1-0ubuntu0.19.10.1
libwebkit2gtk-4.0-37 2.28.1-0ubuntu0.19.10.1
Ubuntu 18.04 LTS:
libjavascriptcoregtk-4.0-18 2.28.1-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 2.28.1-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
https://usn.ubuntu.com/4331-1
CVE-2020-11793
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.28.1-0ubuntu0.19.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.28.1-0ubuntu0.18.04.1
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl6dpPkACgkQZWnYVadE
vpO7sg//Y7QgBi8WkU3M4usWWsq2xPYSC+H13rh65/xZWVTSE5fuw7UbpMimDCO1
H+IMJcUZaABx3zWFVmoilL1YdYacMa5syIUJpXvRKXdbax/EtVqO2AxSPb2OuKrD
o1fbhUiqzCEuK8IG1NyjXgXUgBbTLbXPVnzNYG2JuTHwJ1GCf4z4G+h2xmh9fM+g
zgdvPP+oyfkWyY/aBGKZ4BEmtSfCHmdkTyVMeaTNHETFuQVv4eh90OEFFiiIcCSq
yfqJLAhnQUUg8m7YsZUN3i8UK05gxDlujgy79vCj1Uw1hwJSlgrfHfdWfdJwAgxP
PsAdTXa2ds30fQj3JWxRMJ61CcMVk2iA0x+xDto+iUQRQ5/aCywrxAiFjWmhD2hD
zqtSe6ZfD8snM1bEK+rk+7kTb7Gh7AnIkm+1VWtGJUXN8JO76KxkdVd0EWAH5rLl
k9z/GLPY80IXPCYzaGA4atehZMdZFbOxNxOw8AFQJJnkeJeLYSTJ6TNyfyVBW3K9
3+G+R1aZJBl/orKTZug8e5j3dkykdIJHyp018NtqRyQ8jx74FAYqWg0l8qX/qgpK
f0fUEE1o6Dp/6U8zjyBQzO7OEcxPbbJrWtK8FpO10LHJS7qdCJ1GBa8aEM0uK2XN
O3a0GNS8Aj7A2n6Wsww6gdZ8G1S9vDpuHRnrCntGbQAkUm3r6L0=
=FN96
—–END PGP SIGNATURE—–
—