This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============1517740159278413025== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="ebn1bCo14e7J6rnnOCaT8Vth2U1a87eq0"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --ebn1bCo14e7J6rnnOCaT8Vth2U1a87eq0 Content-Type: multipart/mixed; boundary="wxPNW4JcHI9OcxAqkqxM5MdcFdPO8aJ3P" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <f3904a35-0ce2-0a6c-222d-7ec484212e5f@canonical.com> Subject: [USN-3166-1] WebKitGTK+ vulnerabilities
--wxPNW4JcHI9OcxAqkqxM5MdcFdPO8aJ3P Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3166-1 January 10, 2017
webkit2gtk vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in WebKitGTK+.
Software Description: - webkit2gtk: JavaScript engine library from WebKitGTK+ - GObject introspection
Details:
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: libjavascriptcoregtk-4.0-18 2.14.2-0ubuntu0.16.04.1 libwebkit2gtk-4.0-37 2.14.2-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3166-1 CVE-2016-4613, CVE-2016-4657, CVE-2016-4666, CVE-2016-4707, CVE-2016-4728, CVE-2016-4733, CVE-2016-4734, CVE-2016-4735, CVE-2016-4759, CVE-2016-4760, CVE-2016-4761, CVE-2016-4762, CVE-2016-4764, CVE-2016-4765, CVE-2016-4767, CVE-2016-4768, CVE-2016-4769, CVE-2016-7578
Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.14.2-0ubuntu0.16.04.1
--wxPNW4JcHI9OcxAqkqxM5MdcFdPO8aJ3P--
--ebn1bCo14e7J6rnnOCaT8Vth2U1a87eq0 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJYdTeTAAoJEGVp2FWnRL6TIp4QALV34cZSwrNEaTnOUOeahFvY MfPclemSK0kCYc64vq4hYUDHkpC3AwF/njTQM0Z2S3nE+8z1jmOr/duDdrmjseLL lDOUVDBliOdGO5OSc2pgU1S1GJY8fK0bEI39yfo3MHNuT81SXlFsoymFSL82+mUB walS5XB9UzuUuPrgXbQAQ7yhXHgPs3gDPlQXOBs1rPnXw+Avx+EONZZxquOesxyE eBWZxGRibdpCyzLa+HUrDUyedAMWp7nw7RirBhOo8saI+3HlziVQsB8ZIq3+onFg QZZkLGI5dUXpyHtzu1TJiaFbJh1CHRK9mowBNqAcogrwIfnKjkb4Wl3QBjXlfaPy pYupAcqx0WDPRHTW6oJvM+TDPmZFoVz0cktVvFAC8uLqD3XpmOH9N7VRpTQakTN9 6B/8dUm6kbhfRgBut9PIcbWRBZy70+WysiRbNSCzEqlwoL3Eqd8rLsfHW/sU3PEB vMTnGqsZzfclvz3ZelWdgaqMlFUqg+8QNBOmMSKDirvUdhmlrPXkNXy48yNZWkR6 KEl67dO1fY33r5K5bp9jFd25/UcPmdjEjLFNkBJfHax4VYBgPUbUOXvwdS3PdU5J g5BEBkXr3FYaAAG8/zA/Kf52/gb6X9GYcC9cvJbE80cNJWomE/YdebbF6mhRFNNA iOdoZcEqyej7tro4sTs3 =l/Qm -----END PGP SIGNATURE-----
--ebn1bCo14e7J6rnnOCaT8Vth2U1a87eq0--
--===============1517740159278413025== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============1517740159278413025==--
|