USN-2937-1: WebKitGTK+ vulnerabilities
21 March 2016
Several security issues were fixed in WebKitGTK+.
Releases
Packages
- webkitgtk - Web content engine library for GTK+
Details
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10
-
libjavascriptcoregtk-1.0-0
-
2.4.10-0ubuntu0.15.10.1
-
libjavascriptcoregtk-3.0-0
-
2.4.10-0ubuntu0.15.10.1
-
libwebkitgtk-1.0-0
-
2.4.10-0ubuntu0.15.10.1
-
libwebkitgtk-3.0-0
-
2.4.10-0ubuntu0.15.10.1
Ubuntu 14.04
-
libjavascriptcoregtk-1.0-0
-
2.4.10-0ubuntu0.14.04.1
-
libjavascriptcoregtk-3.0-0
-
2.4.10-0ubuntu0.14.04.1
-
libwebkitgtk-1.0-0
-
2.4.10-0ubuntu0.14.04.1
-
libwebkitgtk-3.0-0
-
2.4.10-0ubuntu0.14.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany and Evolution, to make all the
necessary changes.
References
- CVE-2014-1748
- CVE-2015-1071
- CVE-2015-1076
- CVE-2015-1081
- CVE-2015-1083
- CVE-2015-1120
- CVE-2015-1122
- CVE-2015-1127
- CVE-2015-1153
- CVE-2015-1155
- CVE-2015-3658
- CVE-2015-3659
- CVE-2015-3727
- CVE-2015-3731
- CVE-2015-3741
- CVE-2015-3743
- CVE-2015-3745
- CVE-2015-3747
- CVE-2015-3748
- CVE-2015-3749
- CVE-2015-3752
- CVE-2015-5788
- CVE-2015-5794
- CVE-2015-5801
- CVE-2015-5809
- CVE-2015-5822
- CVE-2015-5928
Related notices
- USN-2298-1: oxideqmlscene, oxideqt-codecs-extra, liboxideqtcore0, oxide-qt, oxideqt-codecs, liboxideqt-qmlplugin