USN-7142-1: WebKitGTK vulnerabilities

Releases

• Ubuntu 24.10
• Ubuntu 24.04 LTS
• Ubuntu 22.04 LTS

Packages

• webkit2gtk - Web content engine library for GTK+

Details

Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.10

• libjavascriptcoregtk-4.1-0 - 2.46.4-0ubuntu0.24.10.1
• libjavascriptcoregtk-6.0-1 - 2.46.4-0ubuntu0.24.10.1
• libwebkit2gtk-4.1-0 - 2.46.4-0ubuntu0.24.10.1
• libwebkitgtk-6.0-4 - 2.46.4-0ubuntu0.24.10.1

Ubuntu 24.04

• libjavascriptcoregtk-4.1-0 - 2.46.4-0ubuntu0.24.04.1
• libjavascriptcoregtk-6.0-1 - 2.46.4-0ubuntu0.24.04.1
• libwebkit2gtk-4.1-0 - 2.46.4-0ubuntu0.24.04.1
• libwebkitgtk-6.0-4 - 2.46.4-0ubuntu0.24.04.1

Ubuntu 22.04

• libjavascriptcoregtk-4.0-18 - 2.46.4-0ubuntu0.22.04.1
• libjavascriptcoregtk-4.1-0 - 2.46.4-0ubuntu0.22.04.1
• libjavascriptcoregtk-6.0-1 - 2.46.4-0ubuntu0.22.04.1
• libwebkit2gtk-4.0-37 - 2.46.4-0ubuntu0.22.04.1
• libwebkit2gtk-4.1-0 - 2.46.4-0ubuntu0.22.04.1
• libwebkitgtk-6.0-4 - 2.46.4-0ubuntu0.22.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.

References

• CVE-2024-44309
• CVE-2024-44308