webkit2gtk3-2.48.1-1.el9_5

エラータID: AXSA:2025-9847:07

Release date: 
Thursday, April 10, 2025 - 20:24
Subject: 
webkit2gtk3-2.48.1-1.el9_5
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44192)
* webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-54467)
* webkitgtk: Processing web content may lead to a denial-of-service (CVE-2024-54551)
* webkitgtk: Loading a malicious iframe may lead to a cross-site scripting attack (CVE-2025-24208)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-24209)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-24216)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-30427)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-44192
The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2024-54467
A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
CVE-2024-54551
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.
CVE-2025-24208
A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack.
CVE-2025-24209
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-24216
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2025-30427
A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. webkit2gtk3-2.48.1-1.el9_5.src.rpm
    MD5: c27aa1b18694ba4345c3736502a5f297
    SHA-256: 1868f2cd4519bf78b3439468e1adfb074b7e9ac201cf572b837804b3a2b252e0
    Size: 42.17 MB

Asianux Server 9 for x86_64
  1. webkit2gtk3-2.48.1-1.el9_5.i686.rpm
    MD5: 3f61487fb80121a5b2dd4317989fbe1f
    SHA-256: 7ac925b438d75b42f0b631e22182ec2da393e8568247ceb656320f48bad5f230
    Size: 32.33 MB
  2. webkit2gtk3-2.48.1-1.el9_5.x86_64.rpm
    MD5: c375cb9ac3c4a1c528c8765bb6f4387b
    SHA-256: a1a5037545f77a13db30b6109a1784d11c38c1b0582d4398191c771b63600e6d
    Size: 26.75 MB
  3. webkit2gtk3-devel-2.48.1-1.el9_5.i686.rpm
    MD5: b38a5d3833fdb7f6aae1b02ba4680eaf
    SHA-256: c6f8f44c38da26ef81f57b7cab8bc936438866b124c49881cfe848c6ae74e9a7
    Size: 378.21 kB
  4. webkit2gtk3-devel-2.48.1-1.el9_5.x86_64.rpm
    MD5: 4de5af243557baff8e66401c0bfbe16b
    SHA-256: 54a9975c127f28bed27736eb3213ae8e03b67ce619cc2a2f1c1f2e89d1852e16
    Size: 371.03 kB
  5. webkit2gtk3-jsc-2.48.1-1.el9_5.i686.rpm
    MD5: 3e58db89ff5d93d7cb30ec8e938f3a82
    SHA-256: d138475c92ed4cd30ba7a176f856c9cf857a61da3c2f985607ec55e28033c1de
    Size: 4.48 MB
  6. webkit2gtk3-jsc-2.48.1-1.el9_5.x86_64.rpm
    MD5: 16f31ef311fd51776e08e133bf281085
    SHA-256: 4b51f618a7c3eaf0c13ba4a25530d18db8fa2088156c6b00663365287d149414
    Size: 4.71 MB
  7. webkit2gtk3-jsc-devel-2.48.1-1.el9_5.i686.rpm
    MD5: 318a50bf7cb3796e0394423a1412127f
    SHA-256: f1d89679786b849158dd4142960e6eb5988152e8f66a4e8065346c11786180ff
    Size: 188.34 kB
  8. webkit2gtk3-jsc-devel-2.48.1-1.el9_5.x86_64.rpm
    MD5: a59111d67b81d978ecdc7a272ac8eb9e
    SHA-256: f311703d7f2422ab084e7be8f51c54e2a56f7d82507565b3233a597d6da129b8
    Size: 175.17 kB