Sicherheit: Mehrere Probleme in WebKitGTK

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============0449581479389452638==
Content-Language: en-CA
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------r4E0r4hjAIFStWRSH9lwqr67"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------r4E0r4hjAIFStWRSH9lwqr67
Content-Type: multipart/mixed;
boundary="------------dhGiYr9S2xVevkDter3BAvrm";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <1a8160c5-a99d-7599-14c4-d387d1fbde70@canonical.com>
Subject: [USN-5394-1] WebKitGTK vulnerabilities

--------------dhGiYr9S2xVevkDter3BAvrm
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-5394-1
April 28, 2022

webkit2gtk vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in WebKitGTK.

Software Description:
- webkit2gtk: Web content engine library for GTK+

Details:

A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
libjavascriptcoregtk-4.0-18 2.36.0-0ubuntu0.21.10.3
libwebkit2gtk-4.0-37 2.36.0-0ubuntu0.21.10.3

Ubuntu 20.04 LTS:
libjavascriptcoregtk-4.0-18 2.36.0-0ubuntu0.20.04.3
libwebkit2gtk-4.0-37 2.36.0-0ubuntu0.20.04.3

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5394-1
CVE-2022-22624, CVE-2022-22628, CVE-2022-22629, CVE-2022-22637

Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.0-0ubuntu0.21.10.3
https://launchpad.net/ubuntu/+source/webkit2gtk/2.36.0-0ubuntu0.20.04.3

--------------dhGiYr9S2xVevkDter3BAvrm--

--------------r4E0r4hjAIFStWRSH9lwqr67
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmJqoP4ACgkQZWnYVadE
vpPFOw/+LNC3JcjbujGokbsBqiDrmqGwuZq2INY53HfzEbO5RKaDXI0LlcDKLg72
0ED72PL+Icq8w+mm3It4pKMRJnDuq2xdaLKwitmaS5ZOrAnog3W9cKjhPeRe2/YU
CtBhi/PfMcBAFQJdruX0buANsB1dSOT3/e+ZxOvRDLEeGcZPlZPG5/PlHMLZvtVv
WEIlYTJzV8oHPeO+Cbf0bbfkFu0jVpQjBUPr2mH6BgbdrKsQCGKPdUriuc54dzFt
1q8FSg3yIQD7lwnnO/KQrZEQ5tcybUDTbnODk+uZDtW+WAqPUGeqAMYD30adI+LR
o9yBURgRrEcuEUWecjTGJaaj9cHXF8MS2ol333itKmMMTbhup/qjGRkFdzr3TFUB
rAPrGpJOSuKv3hbO9fI76WPcDDYtFSFCVEbDpyHavefJt51vBAaMDtLIojpioBO5
xGooF0Oi8qufMs+fNwgKRrXWKhOyTJ6LndvdAStNGJkHat9jtfCoHR15uACWycDH
nT9jw4Y7s96PlDm27/Rc4oC6g+5y0APZJyn+OuKlDRb9tSFR5vIDwzEjGteJBQF3
fcHpNDRzdPzYyTbdnS1+ibRk8wmCMvxvxIowcWWgkcwccV8/+Hv9s97ZlrZu63Cr
jpbNB09AtprdkKgzUWS3kbjBNt4kJfUCGuTDqJmMGJV41ovp1ko=
=ts3L
-----END PGP SIGNATURE-----

--------------r4E0r4hjAIFStWRSH9lwqr67--

--===============0449581479389452638==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============0449581479389452638==--