webkit2gtk3-2.46.6-1.el8_10.ML.1

エラータID: AXSA:2025-9724:04

Release date: 
Thursday, March 6, 2025 - 13:41
Subject: 
webkit2gtk3-2.46.6-1.el8_10.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2024-54543)
* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2025-24143)
* webkitgtk: Copying a URL from Web Inspector may lead to command injection (CVE-2025-24150)
* webkitgtk: Processing web content may lead to a denial-of-service (CVE-2025-24158)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-24162)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-54543
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption.
CVE-2025-24143
The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.
CVE-2025-24150
A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection.
CVE-2025-24158
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service.
CVE-2025-24162
This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.

Solution: 

Update packages.

CVEs: 
CVE-2024-54543
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption.
CVE-2025-24143
The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.
CVE-2025-24150
A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection.
CVE-2025-24158
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service.
CVE-2025-24162
This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Additional Info: 

N/A

Download: 

SRPMS
  1. webkit2gtk3-2.46.6-1.el8_10.ML.1.src.rpm
    MD5: 0efc5d5b5722e56a889a2a6afc962783
    SHA-256: f04ca1c12ed556d83f46af76e29f5d2d5f8668e327c4956b1d9996a648e66a0a
    Size: 40.98 MB

Asianux Server 8 for x86_64
  1. webkit2gtk3-2.46.6-1.el8_10.ML.1.i686.rpm
    MD5: 404cd7b7c019b2a5a9b0b6ab5f9751f2
    SHA-256: 783d16bc84875b31ff9c5a0fd3399aca4b17000877d8fe9ae6092f368a9398d1
    Size: 30.71 MB
  2. webkit2gtk3-2.46.6-1.el8_10.ML.1.x86_64.rpm
    MD5: 7d2937c7561f9e6e3427b3de3866af37
    SHA-256: 6ad4d1c0746b158eb4355e0168826e82e0bd70c8f9f06c0674b856519b71f6e1
    Size: 28.01 MB
  3. webkit2gtk3-devel-2.46.6-1.el8_10.ML.1.i686.rpm
    MD5: 4ee9562e2609aad025f1fbb4d888c7c5
    SHA-256: 67931477ccd7775d027f5894f8c2b4b7054c789fcbaa2ba1e3f41d53cb0d81bb
    Size: 309.88 kB
  4. webkit2gtk3-devel-2.46.6-1.el8_10.ML.1.x86_64.rpm
    MD5: 4931d98e84766108d9f3924f66b8ccf5
    SHA-256: f11d5eaa4ab13830767dd62ba28a076b7ec54118812aa4bcd7e9bb04d6b164e8
    Size: 305.62 kB
  5. webkit2gtk3-jsc-2.46.6-1.el8_10.ML.1.i686.rpm
    MD5: 45bce9fed78a179c1a89adbe25b1f387
    SHA-256: 89424a65f7f6b4ef5fc9062e2963393a09ee3a1b653eb008f7bffb2bfc63961c
    Size: 4.33 MB
  6. webkit2gtk3-jsc-2.46.6-1.el8_10.ML.1.x86_64.rpm
    MD5: 735b2dac2b231e333ce703c57ef393f2
    SHA-256: b2e5941875f27a98701be7bc32c53402355128dc4ff5961c12526c6e9d4e5921
    Size: 4.53 MB
  7. webkit2gtk3-jsc-devel-2.46.6-1.el8_10.ML.1.i686.rpm
    MD5: 9b1a0e2107a76a740a7b97e36907aa5b
    SHA-256: 7af949549a64570228f4a63524e03adeb700aa8477c45a5d9dc5173c74d426ff
    Size: 177.83 kB
  8. webkit2gtk3-jsc-devel-2.46.6-1.el8_10.ML.1.x86_64.rpm
    MD5: 03efea29c66be8d33740f4f52ba4495b
    SHA-256: ce103319866e814fef7d1bedbe5cde7bec8d72d193a2eb9b1b6e2b508dc32476
    Size: 168.71 kB