USN-6545-1: WebKitGTK vulnerabilities

Releases

• Ubuntu 23.10
• Ubuntu 23.04
• Ubuntu 22.04 LTS

Packages

• webkit2gtk - Web content engine library for GTK+

Details

Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10

• libjavascriptcoregtk-4.0-18 - 2.42.3-0ubuntu0.23.10.1
• libjavascriptcoregtk-4.1-0 - 2.42.3-0ubuntu0.23.10.1
• libjavascriptcoregtk-6.0-1 - 2.42.3-0ubuntu0.23.10.1
• libwebkit2gtk-4.0-37 - 2.42.3-0ubuntu0.23.10.1
• libwebkit2gtk-4.1-0 - 2.42.3-0ubuntu0.23.10.1

Ubuntu 23.04

• libjavascriptcoregtk-4.0-18 - 2.42.3-0ubuntu0.23.04.1
• libjavascriptcoregtk-4.1-0 - 2.42.3-0ubuntu0.23.04.1
• libjavascriptcoregtk-6.0-1 - 2.42.3-0ubuntu0.23.04.1
• libwebkit2gtk-4.0-37 - 2.42.3-0ubuntu0.23.04.1
• libwebkit2gtk-4.1-0 - 2.42.3-0ubuntu0.23.04.1

Ubuntu 22.04

• libjavascriptcoregtk-4.0-18 - 2.42.3-0ubuntu0.22.04.1
• libjavascriptcoregtk-4.1-0 - 2.42.3-0ubuntu0.22.04.1
• libjavascriptcoregtk-6.0-1 - 2.42.3-0ubuntu0.22.04.1
• libwebkit2gtk-4.0-37 - 2.42.3-0ubuntu0.22.04.1
• libwebkit2gtk-4.1-0 - 2.42.3-0ubuntu0.22.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.

References

• CVE-2023-42917
• CVE-2023-42916