
RLSA-2025:22790

Security
Mirrored from RHSA-2025:22790
Issued at: 2025-12-09
Updated at: 2025-12-22

Synopsis

Important: webkit2gtk3 security update



Description

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkit: WebKitGTK / WPE WebKit: Out-of-bounds read and integer underflow vulnerability leading to DoS (CVE-2025-13502)

* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2023-43000)

* webkitgtk: A website may exfiltrate image data cross-origin (CVE-2025-43392)

* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-43419)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43425)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43427)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43429)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43430)

* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-43431)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43432)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43434)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43440)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43443)

* webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2025-43480)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43421)

* webkit: WebKitGTK: Remote user-assisted information disclosure via file drag-and-drop (CVE-2025-13947)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43458)

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-66287)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

* Rocky Linux 9 aarch64
* Rocky Linux 9 ppc64le
* Rocky Linux 9 s390x
* Rocky Linux 9 x86_64

Fixes

2416300, 2416325, 2416327, 2416329, 2416330, 2416331, 2416332, 2416334, 2416335, 2416336, 2416337, 2416355, 2418576, 2418855, 2418857

CVEs

CVE-2025-13502, CVE-2025-13947, CVE-2025-43392, CVE-2025-43421, CVE-2025-43425, CVE-2025-43427, CVE-2025-43429, CVE-2025-43430, CVE-2025-43431, CVE-2025-43432, CVE-2025-43434, CVE-2025-43440, CVE-2025-43443, CVE-2025-43458, CVE-2025-66287

Affected packages

Rocky Linux 9 s390x - AppStream

* webkit2gtk3-0:2.50.3-1.el9_7.s390x.rpm
* webkit2gtk3-0:2.50.3-1.el9_7.src.rpm
* webkit2gtk3-debuginfo-0:2.50.3-1.el9_7.s390x.rpm
* webkit2gtk3-debugsource-0:2.50.3-1.el9_7.s390x.rpm
* webkit2gtk3-devel-0:2.50.3-1.el9_7.s390x.rpm
* webkit2gtk3-devel-debuginfo-0:2.50.3-1.el9_7.s390x.rpm
* webkit2gtk3-jsc-0:2.50.3-1.el9_7.s390x.rpm
* webkit2gtk3-jsc-debuginfo-0:2.50.3-1.el9_7.s390x.rpm
* webkit2gtk3-jsc-devel-0:2.50.3-1.el9_7.s390x.rpm
* webkit2gtk3-jsc-devel-debuginfo-0:2.50.3-1.el9_7.s390x.rpm

Rocky Linux 9 x86_64 - AppStream

* webkit2gtk3-0:2.50.3-1.el9_7.src.rpm
* webkit2gtk3-0:2.50.3-1.el9_7.x86_64.rpm
* webkit2gtk3-debuginfo-0:2.50.3-1.el9_7.i686.rpm
* webkit2gtk3-0:2.50.3-1.el9_7.i686.rpm
* webkit2gtk3-debuginfo-0:2.50.3-1.el9_7.x86_64.rpm
* webkit2gtk3-debugsource-0:2.50.3-1.el9_7.i686.rpm
* webkit2gtk3-debugsource-0:2.50.3-1.el9_7.x86_64.rpm
* webkit2gtk3-devel-0:2.50.3-1.el9_7.i686.rpm
* webkit2gtk3-devel-0:2.50.3-1.el9_7.x86_64.rpm
* webkit2gtk3-devel-debuginfo-0:2.50.3-1.el9_7.i686.rpm
* webkit2gtk3-devel-debuginfo-0:2.50.3-1.el9_7.x86_64.rpm
* webkit2gtk3-jsc-0:2.50.3-1.el9_7.i686.rpm
* webkit2gtk3-jsc-0:2.50.3-1.el9_7.x86_64.rpm
* webkit2gtk3-jsc-debuginfo-0:2.50.3-1.el9_7.i686.rpm
* webkit2gtk3-jsc-debuginfo-0:2.50.3-1.el9_7.x86_64.rpm
* webkit2gtk3-jsc-devel-0:2.50.3-1.el9_7.i686.rpm
* webkit2gtk3-jsc-devel-0:2.50.3-1.el9_7.x86_64.rpm
* webkit2gtk3-jsc-devel-debuginfo-0:2.50.3-1.el9_7.i686.rpm
* webkit2gtk3-jsc-devel-debuginfo-0:2.50.3-1.el9_7.x86_64.rpm

Rocky Linux 9 aarch64 - AppStream

* webkit2gtk3-0:2.50.3-1.el9_7.src.rpm
* webkit2gtk3-debuginfo-0:2.50.3-1.el9_7.aarch64.rpm
* webkit2gtk3-0:2.50.3-1.el9_7.aarch64.rpm
* webkit2gtk3-debugsource-0:2.50.3-1.el9_7.aarch64.rpm
* webkit2gtk3-devel-0:2.50.3-1.el9_7.aarch64.rpm
* webkit2gtk3-devel-debuginfo-0:2.50.3-1.el9_7.aarch64.rpm
* webkit2gtk3-jsc-0:2.50.3-1.el9_7.aarch64.rpm
* webkit2gtk3-jsc-debuginfo-0:2.50.3-1.el9_7.aarch64.rpm
* webkit2gtk3-jsc-devel-0:2.50.3-1.el9_7.aarch64.rpm
* webkit2gtk3-jsc-devel-debuginfo-0:2.50.3-1.el9_7.aarch64.rpm

Rocky Linux 9 ppc64le - AppStream

* webkit2gtk3-0:2.50.3-1.el9_7.src.rpm
* webkit2gtk3-debuginfo-0:2.50.3-1.el9_7.ppc64le.rpm
* webkit2gtk3-0:2.50.3-1.el9_7.ppc64le.rpm
* webkit2gtk3-debugsource-0:2.50.3-1.el9_7.ppc64le.rpm
* webkit2gtk3-devel-0:2.50.3-1.el9_7.ppc64le.rpm
* webkit2gtk3-devel-debuginfo-0:2.50.3-1.el9_7.ppc64le.rpm
* webkit2gtk3-jsc-0:2.50.3-1.el9_7.ppc64le.rpm
* webkit2gtk3-jsc-debuginfo-0:2.50.3-1.el9_7.ppc64le.rpm
* webkit2gtk3-jsc-devel-0:2.50.3-1.el9_7.ppc64le.rpm
* webkit2gtk3-jsc-devel-debuginfo-0:2.50.3-1.el9_7.ppc64le.rpm