webkit2gtk3-2.46.6-1.el9_5

エラータID: AXSA:2025-9723:03

Release date: 
Wednesday, March 5, 2025 - 17:53
Subject: 
webkit2gtk3-2.46.6-1.el9_5
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2024-54543)
* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2025-24143)
* webkitgtk: Copying a URL from Web Inspector may lead to command injection (CVE-2025-24150)
* webkitgtk: Processing web content may lead to a denial-of-service (CVE-2025-24158)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-24162)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-54543
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption.
CVE-2025-24143
The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.
CVE-2025-24150
A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection.
CVE-2025-24158
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service.
CVE-2025-24162
This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.

Solution: 

Update packages.

CVEs: 
CVE-2024-54543
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption.
CVE-2025-24143
The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.
CVE-2025-24150
A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection.
CVE-2025-24158
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service.
CVE-2025-24162
This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Additional Info: 

N/A

Download: 

SRPMS
  1. webkit2gtk3-2.46.6-1.el9_5.src.rpm
    MD5: 9da281c8907c9a86205090f438ac9b27
    SHA-256: 806402cc7831b232f92fe82edcdac304657666c248595476bd1d9973d4e00cfc
    Size: 40.96 MB

Asianux Server 9 for x86_64
  1. webkit2gtk3-2.46.6-1.el9_5.i686.rpm
    MD5: e6801fcc1829e512076c3c9f2e49bd7d
    SHA-256: 9b9fef1aa22276dd6f1a74e8952962a59ad8019ea898da774fd9d14797519fed
    Size: 29.92 MB
  2. webkit2gtk3-2.46.6-1.el9_5.x86_64.rpm
    MD5: 44810335f45efbc5ef523a3aca8c1af3
    SHA-256: 73d29796fef2ae2df9b8dfb02d23d7fb6fb1b9ed1b088d6cae4b2f022e15880c
    Size: 24.90 MB
  3. webkit2gtk3-devel-2.46.6-1.el9_5.i686.rpm
    MD5: 9362a4b93ca9060c6ff430cb53b35b95
    SHA-256: 728948d9f93404cb488fb6f48718ae9b10f95e103eb4f0a8c6655009374ba069
    Size: 374.86 kB
  4. webkit2gtk3-devel-2.46.6-1.el9_5.x86_64.rpm
    MD5: f394e55a5661da4a7d4a6f9a1960e609
    SHA-256: c0096c6440daf3fa09fb98d4eec24a173a4a088897baeee0f71f4b123d347abf
    Size: 368.34 kB
  5. webkit2gtk3-jsc-2.46.6-1.el9_5.i686.rpm
    MD5: f39e6c5a20ddf98db6438f625d2e450a
    SHA-256: 234aba2e4ae67206858bac3f010ffc9b4e19901492e7e597cd118524a86d7642
    Size: 4.18 MB
  6. webkit2gtk3-jsc-2.46.6-1.el9_5.x86_64.rpm
    MD5: e2606b70cae58c8186de951e2a84b507
    SHA-256: 6f4a61ff1ed9f331e60579d7c2807bd0133d0d560895a272ef0000b7b1b71b1e
    Size: 4.43 MB
  7. webkit2gtk3-jsc-devel-2.46.6-1.el9_5.i686.rpm
    MD5: 2bf01e0afc67833bb7eb7384f73f6f42
    SHA-256: c2e865de7fcadff2e8638e5937f6ec321fd03fcbdd13a588c78db5e86396f5c3
    Size: 184.42 kB
  8. webkit2gtk3-jsc-devel-2.46.6-1.el9_5.x86_64.rpm
    MD5: d3273dd7a1e6fe556a558e9860312996
    SHA-256: 47937a422ee95cc097d1c99a080d2451760296d2d1a9049e2ec3685aacef5662
    Size: 170.76 kB