ALSA-2025:22789

[ALSA-2025:22789] Important: webkit2gtk3 security update

Type:

security

Severity:

important

Release date:

2025-12-08

Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.  

Security Fix(es):  

  * webkit: WebKitGTK / WPE WebKit: Out-of-bounds read and integer underflow vulnerability leading to DoS (CVE-2025-13502)
  * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2023-43000)
  * webkitgtk: A website may exfiltrate image data cross-origin (CVE-2025-43392)
  * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-43419)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43425)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43427)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43429)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43430)
  * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-43431)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43432)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43434)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43440)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43443)
  * webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2025-43480)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43421)
  * webkit: WebKitGTK: Remote user-assisted information disclosure via file drag-and-drop (CVE-2025-13947)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43458)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-66287)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	webkit2gtk3-jsc-2.50.3-1.el8_10.aarch64.rpm	19c812fe8b5d6f3edb63cb5253c8f2d7a2cd3a11afb9c802263c0f632f974e47
aarch64	webkit2gtk3-jsc-devel-2.50.3-1.el8_10.aarch64.rpm	456c8f0c61ae55ca29ee9672fc7c671c746dafeb860f5d3fe3c5703a9d5a0a73
aarch64	webkit2gtk3-2.50.3-1.el8_10.aarch64.rpm	871ded0a9201c43fe58f8cd8c2bb2f1e2bc98d250a88d476731660b7403786c6
aarch64	webkit2gtk3-devel-2.50.3-1.el8_10.aarch64.rpm	cde4b4281e34b011e98667dcdb40bcbb6ef056ea4568cf8dc56c77f467319b88
i686	webkit2gtk3-devel-2.50.3-1.el8_10.i686.rpm	22e007eb18db55ae92402013bcfdb3e9ba42a4147a616dadcdfa482df01bcf10
i686	webkit2gtk3-jsc-2.50.3-1.el8_10.i686.rpm	55375c10eb6e917a5ae95193335e67c8b3c29905b97f584e97b65052a8ec7fc3
i686	webkit2gtk3-2.50.3-1.el8_10.i686.rpm	a0d5441d9807a61e2fdb3a3a76fdf5e34594e6675fe0a4e5bb7120a52512f395
i686	webkit2gtk3-jsc-devel-2.50.3-1.el8_10.i686.rpm	c62a1a0e253fbbb85c835f5df005dc88df0fdfdc10c6f4f9515f61d3db5fc497
ppc64le	webkit2gtk3-jsc-devel-2.50.3-1.el8_10.ppc64le.rpm	39c2f2b06e473f186224ccf4980fc7d376bdaf08d4cb9ddbe97a03fa8ca96818
ppc64le	webkit2gtk3-2.50.3-1.el8_10.ppc64le.rpm	421d27df13c7ef4a51fc5fc36cd2ac790b71cc1c20a8242d0844127f2dfaa60e
ppc64le	webkit2gtk3-jsc-2.50.3-1.el8_10.ppc64le.rpm	5798f7877d1e2d3ef37b8c83d2df09f074c6c08c89b283e967d10f8c5181e1eb
ppc64le	webkit2gtk3-devel-2.50.3-1.el8_10.ppc64le.rpm	deaf76c16c332ba8c020e41f61d6debfb1d4c8cb12328e2265d6774d7a17bcd1
s390x	webkit2gtk3-devel-2.50.3-1.el8_10.s390x.rpm	2233ad6f094ea7bf96ffcbf5d837fa93a69b252e355488fe472662651ac4a9fd
s390x	webkit2gtk3-jsc-devel-2.50.3-1.el8_10.s390x.rpm	6def26d6724a451fc6c16db9a2f59c03e5f425d164c8462fe26e920ee7aa150a
s390x	webkit2gtk3-jsc-2.50.3-1.el8_10.s390x.rpm	79a9ebb977191a48b36b2e2be2714a674a05b41a99ee774ab6918bbe4d358516
s390x	webkit2gtk3-2.50.3-1.el8_10.s390x.rpm	8b778ad0591ac239ebe4afbdae275d379ed76d22dd92691028f3b5037c73f622
x86_64	webkit2gtk3-2.50.3-1.el8_10.x86_64.rpm	30e3afebb1222b1ffb061dda15e78ff9a35f14e4ee707629f5fd83951e540d07
x86_64	webkit2gtk3-jsc-2.50.3-1.el8_10.x86_64.rpm	a1a2596420ab332cd429f9c8d2878ca376159193cd3a3e18c7ce9505251e2ce8
x86_64	webkit2gtk3-devel-2.50.3-1.el8_10.x86_64.rpm	a578df2fba05426dca7548a8c0a4498368136ab27059b1880f80d70946808356
x86_64	webkit2gtk3-jsc-devel-2.50.3-1.el8_10.x86_64.rpm	d3772576a0b99a3068ad1c651ae3dc249f9d08bc8f7cbbea59391326ae8f29af

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.