USN-3257-1: WebKitGTK+ vulnerabilities
10 April 2017
Several security issues were fixed in WebKitGTK+.
Releases
Packages
- webkit2gtk - Web content engine library for GTK+
Details
A large number of security issues were discovered in the WebKitGTK+ Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.10
-
libjavascriptcoregtk-4.0-18
-
2.16.1-0ubuntu0.16.10.1
-
libwebkit2gtk-4.0-37
-
2.16.1-0ubuntu0.16.10.1
Ubuntu 16.04
-
libjavascriptcoregtk-4.0-18
-
2.16.1-0ubuntu0.16.04.1
-
libwebkit2gtk-4.0-37
-
2.16.1-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK+, such as Epiphany, to make all the necessary changes.
References
- CVE-2016-9642
- CVE-2016-9643
- CVE-2017-2364
- CVE-2017-2367
- CVE-2017-2376
- CVE-2017-2377
- CVE-2017-2386
- CVE-2017-2392
- CVE-2017-2394
- CVE-2017-2395
- CVE-2017-2396
- CVE-2017-2405
- CVE-2017-2415
- CVE-2017-2419
- CVE-2017-2433
- CVE-2017-2442
- CVE-2017-2445
- CVE-2017-2446
- CVE-2017-2447
- CVE-2017-2454
- CVE-2017-2455
- CVE-2017-2457
- CVE-2017-2459
- CVE-2017-2460
- CVE-2017-2464
- CVE-2017-2465
- CVE-2017-2466
- CVE-2017-2468
- CVE-2017-2469
- CVE-2017-2470
- CVE-2017-2471
- CVE-2017-2475
- CVE-2017-2476
- CVE-2017-2481
Related notices
- USN-3200-1: libjavascriptcoregtk-4.0-bin, libwebkit2gtk-4.0-doc, gir1.2-javascriptcoregtk-4.0, gir1.2-webkit2-4.0, libwebkit2gtk-4.0-dev, libwebkit2gtk-4.0-37-gtk2, libjavascriptcoregtk-4.0-dev, libwebkit2gtk-4.0-37, webkit2gtk, libjavascriptcoregtk-4.0-18