Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in WebKitGTK+
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in WebKitGTK+
ID: USN-3481-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS, Ubuntu 17.04, Ubuntu 17.10
Datum: Do, 16. November 2017, 16:34
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13795
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13784
Applikationen: WebKitGTK

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============5663001310868134636==
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="sPEEDcjqhluoWTuFNV5GLl80P52EvvkeB"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--sPEEDcjqhluoWTuFNV5GLl80P52EvvkeB
Content-Type: multipart/mixed;
 boundary="cAJSiv6PLl8jlntXfAr5kK8XnnPQvgKnJ";
 protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <adb25ca8-bcd8-bddc-2569-85469a96b0d8@canonical.com>
Subject: [USN-3481-1] WebKitGTK+ vulnerabilities

--cAJSiv6PLl8jlntXfAr5kK8XnnPQvgKnJ
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3481-1
November 16, 2017

webkit2gtk vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 17.04
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in WebKitGTK+.

Software Description:
- webkit2gtk: Web content engine library for GTK+

Details:

A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  libjavascriptcoregtk-4.0-18     2.18.3-0ubuntu0.17.10.1
  libwebkit2gtk-4.0-37            2.18.3-0ubuntu0.17.10.1

Ubuntu 17.04:
  libjavascriptcoregtk-4.0-18     2.18.3-0ubuntu0.17.04.1
  libwebkit2gtk-4.0-37            2.18.3-0ubuntu0.17.04.1

Ubuntu 16.04 LTS:
  libjavascriptcoregtk-4.0-18     2.18.3-0ubuntu0.16.04.1
  libwebkit2gtk-4.0-37            2.18.3-0ubuntu0.16.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3481-1
  CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788,
  CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794,
  CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802,
  CVE-2017-13803

Package Information:
  https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.10.1
  https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.17.04.1
  https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.3-0ubuntu0.16.04.1



--cAJSiv6PLl8jlntXfAr5kK8XnnPQvgKnJ--

--sPEEDcjqhluoWTuFNV5GLl80P52EvvkeB
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJaDZpBAAoJEGVp2FWnRL6Tn3cQAIUGbayPUHH6B/ZKMxz/P+3U
s7cDZ0igqX9joSiIxXBI1OuzojVthGLFyX0fqBVz9CKt0TXPCoN18+EsYiUl0kdI
/XgiPDTg0Yp1xbPwrXjO5myZQQsl65gGElM3miKSfUbGIhv03a0b9WHR3udTzF0H
lRub+VuiVr3OFi7UNwf/UlsaiSPKNjEMonQaBkeg/GYN/KI/ZRzG9eybq/rMq5og
Rhqvx+lwR5qegIKyOgZfMOS0EXBg7lObbAyEFzCW/GGzu/6Zv+az4qWGiXz5tfW4
pmOD4nbBTaEXW/Nussv9hgFM68otBhDFEgpPDb+GLwQ45AS+1ochI7cZ41gNcPbw
FIlXeRteFdN0SRHLuyaQKx0Hr3Ks0ovROZGoE7ER4I9/UpYjP6lZLAL2WFgZX+H4
fLrz7IOLCQrkYz7vqoaaGKNhUggDsNpGA2DSi8Tmgpc7mINBBOo8Nc71E5jb9D5u
oE21odUz15QfDleT5tU9wDDoBXFeZCcV1oeRn3CHHLK9TpTGVWgLkAFe2gOJvHfU
WldLEgkAfPiMcUhLIV+oao+1RQniFZBhSYG7GuRcKyWK7aojkxb7aw15vXAErxny
dsTw+QKBtfGyPlA5aktdJ/Q1iDPStTBP4S+tNRSvicY1i/vwu5pbyJUvELKl/3nV
TOw5s4EmicrcebV6rLpt
=hs5B
-----END PGP SIGNATURE-----

--sPEEDcjqhluoWTuFNV5GLl80P52EvvkeB--


--===============5663001310868134636==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============5663001310868134636==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung