PT-2016-6046 · Webkitgtk+1 · Webkitgtk+1
Bo Qu
+1
·
Published
2016-07-21
·
Updated
2019-03-25
·
CVE-2016-4589
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
WebKitGTK+ versions prior to 2.12.5-0ubuntu0.16.04.1
Description
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Recommendations
Update the system to the following package versions:
gir1.2-javascriptcoregtk-4.0 - 2.12.5-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37-gtk2 - 2.12.5-0ubuntu0.16.04.1
libjavascriptcoregtk-4.0-dev - 2.12.5-0ubuntu0.16.04.1
libwebkit2gtk-4.0-37 - 2.12.5-0ubuntu0.16.04.1
libjavascriptcoregtk-4.0-18 - 2.12.5-0ubuntu0.16.04.1
libwebkit2gtk-4.0-doc - 2.12.5-0ubuntu0.16.04.1
libjavascriptcoregtk-4.0-bin - 2.12.5-0ubuntu0.16.04.1
gir1.2-webkit2-4.0 - 2.12.5-0ubuntu0.16.04.1
libwebkit2gtk-4.0-dev - 2.12.5-0ubuntu0.16.04.1
Run
sudo pro fix USN-3079-1 to fix the vulnerability.Exploit
Fix
RCE
DoS
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ubuntu
Webkitgtk