==========================================================================
Ubuntu Security Notice USN-4648-1
November 26, 2020

webkit2gtk vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 20.10
– Ubuntu 20.04 LTS
– Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in WebKitGTK.

Software Description:
– webkit2gtk: Web content engine library for GTK+

Details:

A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
libjavascriptcoregtk-4.0-18 2.30.3-0ubuntu0.20.10.1
libwebkit2gtk-4.0-37 2.30.3-0ubuntu0.20.10.1

Ubuntu 20.04 LTS:
libjavascriptcoregtk-4.0-18 2.30.3-0ubuntu0.20.04.1
libwebkit2gtk-4.0-37 2.30.3-0ubuntu0.20.04.1

Ubuntu 18.04 LTS:
libjavascriptcoregtk-4.0-18 2.30.3-0ubuntu0.18.04.1
libwebkit2gtk-4.0-37 2.30.3-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.

References:
https://usn.ubuntu.com/4648-1
CVE-2020-13753, CVE-2020-9948, CVE-2020-9951, CVE-2020-9952,
CVE-2020-9983

Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.30.3-0ubuntu0.20.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.30.3-0ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.30.3-0ubuntu0.18.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl+/vEQACgkQZWnYVadE
vpPXTQ/7BeXalMVpTQZhPNtebe59Ce7n3RVyPL3cmOB8jlRlGFX1gCBIJrY4rdhj
kSsKaPjRVixAnLBi2irg6+55ZhDytOvRZsxr5NXX68t9SnzmWWfrW2a2cvgjSxBk
lZeObhNKCpOupHAwkeTkZNXDYQcMtpZoqMTEyiM3T+4qaib8cjFFt91B3nzDlKHX
JQKBdDU6VBo8Ge+CRV4GPudYy9Z3na71XLGbKluiI3BjV5e3E0sKJLHtskh+F3zr
indwHb2DRhXIc0UWrnsagHcSiJv/IReAopEVgdFIonHBfzKlfGZ5r8SODQeNP47a
25KvW0OiUgem75k47xWms0GUhl/759MEczYzbnC4PMb+a5F+0sK0Wa5oA6REW0xk
56v/pPMXwJ2cDl5xi4uFdLOhf7DaoTY2TF0E0CcPta/96Mwjf0RVM54GoPSn6jzZ
DviK+BQUYrTxNt+Wf3mMiYMQCciR4mZeO3ojBTBy4AhxcbFsbwZ3CdD5Zh+HsomN
9M0Vgtnh0U9m6AkM6sVedXZXTM8bYtG/swNFFaBsB29YCCevMv1ur80cfTeEwyFf
72v1fv4LqRxucapbIWxuiG36bNbq0vYE+UCbJehEdWVNmsJAMqUdo3gEPp9SxoC9
Amw6/VDBsnsOg0IuUK0ipSyv8sUQleHl9I3UK5XltuMr0C178fk=
=A/bA
—–END PGP SIGNATURE—–
—