First published: Mon Apr 20 2020(Updated: )
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/libjavascriptcoregtk-4.0-18 | <2.28.1-0ubuntu0.19.10.1 | 2.28.1-0ubuntu0.19.10.1 |
Ubuntu Ubuntu | =19.10 | |
All of | ||
ubuntu/libwebkit2gtk-4.0-37 | <2.28.1-0ubuntu0.19.10.1 | 2.28.1-0ubuntu0.19.10.1 |
Ubuntu Ubuntu | =19.10 | |
All of | ||
ubuntu/libjavascriptcoregtk-4.0-18 | <2.28.1-0ubuntu0.18.04.1 | 2.28.1-0ubuntu0.18.04.1 |
Ubuntu Ubuntu | =18.04 | |
All of | ||
ubuntu/libwebkit2gtk-4.0-37 | <2.28.1-0ubuntu0.18.04.1 | 2.28.1-0ubuntu0.18.04.1 |
Ubuntu Ubuntu | =18.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this advisory is USN-4331-1.
The WebKitGTK+ Web and JavaScript engines are affected by this vulnerability.
An attacker can exploit this vulnerability by tricking a user into viewing a malicious website, which can lead to various web browser security issues such as cross-site scripting attacks and denial of service attacks.
The recommended remedy for this vulnerability is to upgrade to the specified version of libjavascriptcoregtk and libwebkit2gtk packages as mentioned in the advisory.
You can find more information about this vulnerability on the Ubuntu Security Notice page referenced in the advisory.