Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:22790

Опубликовано: 09 дек. 2025
Источник: rocky
Оценка: Important

Описание

Important: webkit2gtk3 security update

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

  • webkit: WebKitGTK / WPE WebKit: Out-of-bounds read and integer underflow vulnerability leading to DoS (CVE-2025-13502)

  • webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2023-43000)

  • webkitgtk: A website may exfiltrate image data cross-origin (CVE-2025-43392)

  • webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-43419)

  • webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43425)

  • webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43427)

  • webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43429)

  • webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43430)

  • webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-43431)

  • webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43432)

  • webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43434)

  • webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43440)

  • webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43443)

  • webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2025-43480)

  • webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43421)

  • webkit: WebKitGTK: Remote user-assisted information disclosure via file drag-and-drop (CVE-2025-13947)

  • webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43458)

  • webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-66287)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
webkit2gtk3x86_641.el9_7webkit2gtk3-2.50.3-1.el9_7.x86_64.rpm
webkit2gtk3i6861.el9_7webkit2gtk3-2.50.3-1.el9_7.i686.rpm
webkit2gtk3-develi6861.el9_7webkit2gtk3-devel-2.50.3-1.el9_7.i686.rpm
webkit2gtk3-develx86_641.el9_7webkit2gtk3-devel-2.50.3-1.el9_7.x86_64.rpm
webkit2gtk3-jsci6861.el9_7webkit2gtk3-jsc-2.50.3-1.el9_7.i686.rpm
webkit2gtk3-jscx86_641.el9_7webkit2gtk3-jsc-2.50.3-1.el9_7.x86_64.rpm
webkit2gtk3-jsc-develi6861.el9_7webkit2gtk3-jsc-devel-2.50.3-1.el9_7.i686.rpm
webkit2gtk3-jsc-develx86_641.el9_7webkit2gtk3-jsc-devel-2.50.3-1.el9_7.x86_64.rpm

Показывать по

Связанные CVE

CVE-2025-13502
CVE-2025-13947
CVE-2025-43392
CVE-2025-43421
CVE-2025-43425
CVE-2025-43427
CVE-2025-43429
CVE-2025-43430
CVE-2025-43431
CVE-2025-43432
CVE-2025-43434
CVE-2025-43440
CVE-2025-43443
CVE-2025-43458
CVE-2025-66287

Ссылки на источники

Исправления

Связанные уязвимости

rocky логотип

RLSA-2025:22789

rocky
2 месяца назад

Important: webkit2gtk3 security update

suse-cvrf логотип

SUSE-SU-2025:4423-1

suse-cvrf
около 2 месяцев назад

Security update for webkit2gtk3

suse-cvrf логотип

SUSE-SU-2025:4416-1

suse-cvrf
около 2 месяцев назад

Security update for webkit2gtk3

oracle-oval логотип

ELSA-2025-22790

oracle-oval
2 месяца назад

ELSA-2025-22790: webkit2gtk3 security update (IMPORTANT)

oracle-oval логотип

ELSA-2025-22789

oracle-oval
2 месяца назад

ELSA-2025-22789: webkit2gtk3 security update (IMPORTANT)