==========================================================================
Ubuntu Security Notice USN-3514-1
January 03, 2018
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.10
– Ubuntu 17.04
– Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description:
– webkit2gtk: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
libjavascriptcoregtk-4.0-18 2.18.4-0ubuntu0.17.10.1
libwebkit2gtk-4.0-37 2.18.4-0ubuntu0.17.10.1
Ubuntu 17.04:
libjavascriptcoregtk-4.0-18 2.18.4-0ubuntu0.17.04.1
libwebkit2gtk-4.0-37 2.18.4-0ubuntu0.17.04.1
Ubuntu 16.04 LTS:
libjavascriptcoregtk-4.0-18 2.18.4-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 2.18.4-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3514-1
CVE-2017-13856, CVE-2017-13866, CVE-2017-13870, CVE-2017-7156
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.4-0ubuntu0.17.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.4-0ubuntu0.17.04.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.4-0ubuntu0.16.04.1
—–BEGIN PGP SIGNATURE—–
iQIcBAEBCgAGBQJaTR6mAAoJEGVp2FWnRL6Tc0UP+gKjvD4JEJNDFBjTwpVU4aEw
ofKhLmf+824WpFVHjcRInYg/WqxNSQCe3Rj/8bRL+33h4qEQxJ7PvEMtD3d54Ose
KInXE+v/A3NU4EZu3/XuoJUIK0tQPhYmdKqxKjKWZaDTUG1ZibRrc9yciBRRlaVi
p0T0ZT9QeUzMSwhiRvCKlv6Tgx5XYNiSgfdYWPoUBDkFLVdPhHPEB6zYzbSGf8+Q
Y8diFsGF+vkE5SszkOW5cS1aOEc9U3Sn3bhfCIIUYy0iyx+JPOuhhOusiOFT0inL
I1opZJ43soyEWXexnXCy+/UsqoU+Uq/iuyQ/XoWKDu5JnVgUQfEMiO+WjFHcDR/F
PspLWPmXmjaKF4NESUYjF3W7LObsJyZxEjFa5+IWKpeiJJVpKn8qFLBuaVnsdf3d
IorwLMNW74SrtImH/YKqFxCHhKGABMMihDPBz0FlJw+59Xd1/wwBq9dHdXRSTP4V
jEzZGEDtn1+JRtMeC5hQRFsJv2CrKiYa1UODIK/VCfb3P8frQ82Ew+lDzBxvq13c
hOMBQiYYxgIHjntbwCgFo5OirpwsasnHY0RtZlONaouzXNmK7R62v1SLj+veCbWi
G13aOngXwamfmzTl5dmTDYrQSlgmCkoa0Nlj7p9YtDWOu0TeRH4wFF7GMPzR6MLL
fjJ4LxW3dAv2EG64sjRT
=F0FY
—–END PGP SIGNATURE—–
—