CVE-2016-4666 in Ubuntu

CVE-2016-4666

Priority

Description

An issue was discovered in certain Apple products. iOS before 10.1 is
affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected.
The issue involves the "WebKit" component. It allows remote attackers to
execute arbitrary code or cause a denial of service (memory corruption and
application crash) via a crafted web site.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4666
https://webkitgtk.org/security/WSA-2016-0006.html
https://usn.ubuntu.com/usn/usn-3166-1

Notes

jdstrand

webkit receives limited support. For details, see
https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit
webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8

Package

Source: qtwebkit-opensource-src (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [no update available])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (no update available)

Patches:

Package

Source: qtwebkit-source (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [no update available])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (no update available)

Package

Source: webkit (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE

Package

Source: webkit2gtk (LP Ubuntu Debian)

Upstream:	released (2.14.0)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	released (2.14.2-0ubuntu0.16.04.1)

Package

Source: webkitgtk (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was ignored [no update available])
Ubuntu 16.04 LTS (Xenial Xerus):	ignored (no update available)

More Information

Updated: 2019-12-05 18:45:21 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)