You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa WebKitGTK+

Sigurnosni nedostaci programskog paketa WebKitGTK+

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4281-1
February 18, 2020

webkit2gtk vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.10
– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in WebKitGTK+.

Software Description:
– webkit2gtk: Web content engine library for GTK+

Details:

A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.10:
libjavascriptcoregtk-4.0-18 2.26.4-0ubuntu0.19.10.1
libwebkit2gtk-4.0-37 2.26.4-0ubuntu0.19.10.1

Ubuntu 18.04 LTS:
libjavascriptcoregtk-4.0-18 2.26.4-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 2.26.4-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.

References:
https://usn.ubuntu.com/4281-1
CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867,
CVE-2020-3868

Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.26.4-0ubuntu0.19.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.26.4-0ubuntu0.18.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl5L7n4ACgkQZWnYVadE
vpNONg//X7JWOLa2fIQBXoPuy/XvFTv9A1LzR1MXVGij0x9m8lIvpmX2FEr3n2T1
q3tmM9cVryegOOYr+ZVGKpofpe1UhWMPl+UUY5gZq1oi4FfbgK65hrRnxYZCHSDH
foPmt4m8kcmuV2/ycICBonHfxo4D+Lm9t3nqZe5Bk7ufqP9Cf1+VugJcXe9RldDG
yPOTY6CC8r37TiW5bRMWMzPCkBTyZb85CitIP0FUPNhOmftZ5KLIelWWUtTowmt3
wrNQSt0/ZcIs9bw/Yd+p1wJ1iTTkjPJKGnKLKuXQwuPvk+ISebc8PNCO8hE00jZR
go0YF2UsE741hEDgbYenQ6MAELCzxbaqsSBlN8fwfVpn2ZDZKOUYYa6M64GWghA7
y0Rc3gIDUgQj0WXYDK1J6nz1rg7tEKWgomzb4kxiUlXQRTu9IpA/6ReawIbmVQsQ
VtYCftet3q46Bxfr+Nu+6WOdAWmxRHc1P8P6zaZcxkqjt8b3z2E6h9NZv1SGiydQ
st7Hzt5oZMWj58h2ErMszRp60eEJNUVh3oKcBKwS5NtjGnfm9BYu4z3/N/0rBEBo
vMyW9vcJoy1li+t1rWc9QK3CAw42/DCSaWxgBo6UIvisHRoMpmFm6kw1eERGEu7t
+4r3Maw1YPHU9qdoAGf5p4ILEBjj5ORPu8ipXKWb8mvl4pJ5Pic=
=jo+I
—–END PGP SIGNATURE—–

AutorJosip Papratovic
Cert idNCERT-REF-2020-02-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa ClamAV

Otkriven je sigurnosni nedostatak u programskom paketu ClamAV za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja....

Close