ALSA-2025:22790

[ALSA-2025:22790] Important: webkit2gtk3 security update

Type:

security

Severity:

important

Release date:

2025-12-08

Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.  

Security Fix(es):  

  * webkit: WebKitGTK / WPE WebKit: Out-of-bounds read and integer underflow vulnerability leading to DoS (CVE-2025-13502)
  * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2023-43000)
  * webkitgtk: A website may exfiltrate image data cross-origin (CVE-2025-43392)
  * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-43419)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43425)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43427)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43429)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43430)
  * webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-43431)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43432)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43434)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43440)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43443)
  * webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2025-43480)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43421)
  * webkit: WebKitGTK: Remote user-assisted information disclosure via file drag-and-drop (CVE-2025-13947)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43458)
  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-66287)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	webkit2gtk3-devel-2.50.3-1.el9_7.aarch64.rpm	8688753e8ae80d017adc35683d135834d947d5396b87dbbc20369f6ac4f5fe5b
aarch64	webkit2gtk3-jsc-devel-2.50.3-1.el9_7.aarch64.rpm	a72d8723738a51bd9add2892baf43f816c056f01fcc545d49ce8cfe3361a4571
aarch64	webkit2gtk3-2.50.3-1.el9_7.aarch64.rpm	c36c73e89ed8990554742d5a535773ccc561addccd61d7f542b376007467bddb
aarch64	webkit2gtk3-jsc-2.50.3-1.el9_7.aarch64.rpm	d899aa854d61fd74715b3df6832fd856bf1ab7a1e740bc067cec8dad4885ec67
i686	webkit2gtk3-devel-2.50.3-1.el9_7.i686.rpm	3b2369112169e58767c379d8818cb0247cc047a16b74cb7a3449de92f3517ba6
i686	webkit2gtk3-jsc-devel-2.50.3-1.el9_7.i686.rpm	c46e0ce10d39b34ec327455598bc36a608b194cda2ef1b2af45f3fe4fc3799ef
i686	webkit2gtk3-jsc-2.50.3-1.el9_7.i686.rpm	df011d9950776f9bdaffbb7a4a88d352ac9266fe971f372bc7565efde799bd20
i686	webkit2gtk3-2.50.3-1.el9_7.i686.rpm	fe513bade7c8ab256f628c6a1f0bdb3841a020301d091403123e519a1a4a2e55
ppc64le	webkit2gtk3-devel-2.50.3-1.el9_7.ppc64le.rpm	0e9e2e9323e9898ebd3c813ae39ec83251d9258a303f8a0a42132fc53641d7e5
ppc64le	webkit2gtk3-2.50.3-1.el9_7.ppc64le.rpm	43428ed70b2f745dfe1371a6c0e0f5b15fc19f7082c4e90c44304ca6f816fde8
ppc64le	webkit2gtk3-jsc-2.50.3-1.el9_7.ppc64le.rpm	9434288ca1deb55c85f1dc0b67513a79d787136cd3812f8523c489842167fb7d
ppc64le	webkit2gtk3-jsc-devel-2.50.3-1.el9_7.ppc64le.rpm	a1559b47a46e6e36e82024120b290d607ef788731afddd5be3688e66c8f8d1ac
s390x	webkit2gtk3-jsc-2.50.3-1.el9_7.s390x.rpm	2f48914e021a2a2ed16f7fcdf9deb5d31e92b338891868282ac8cbf1f90b96d0
s390x	webkit2gtk3-devel-2.50.3-1.el9_7.s390x.rpm	4bfe88fcf88ef33ef4ba66b2e955ddc0156cbe80e81efa3d53f0d30a45300302
s390x	webkit2gtk3-2.50.3-1.el9_7.s390x.rpm	b5e2b3d16438ddbb7e3174b2b137c82120ab13379635bebff640d6c459df8351
s390x	webkit2gtk3-jsc-devel-2.50.3-1.el9_7.s390x.rpm	f52bee46f33a08b2ccef9a383f0f9c783b5c60d3e1724e7240790c78f2d32c99
x86_64	webkit2gtk3-jsc-devel-2.50.3-1.el9_7.x86_64.rpm	37c18a08514c906624c9b27925b9b6b7bb8f293084f40309c731fb05df1b3708
x86_64	webkit2gtk3-2.50.3-1.el9_7.x86_64.rpm	4db53a5764f93855103e3e2a0997c7767f279ba67572286a7080b2f4badd67d8
x86_64	webkit2gtk3-jsc-2.50.3-1.el9_7.x86_64.rpm	879b31058480b3e079b54724aac26edd06013e33a2389068716964d6ab4626da
x86_64	webkit2gtk3-devel-2.50.3-1.el9_7.x86_64.rpm	a927b9d639c065dfe9d789764641416c2b8b899013b29818d70608e2748b88fb

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.