webkit2gtk3-2.48.5-1.el9_6

エラータID: AXSA:2025-10744:14

Release date: 
Friday, August 15, 2025 - 07:08
Subject: 
webkit2gtk3-2.48.5-1.el9_6
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* angle: insufficient input validation can cause undefined behavior (CVE-2025-6558)
* webkitgtk: A download?s origin may be incorrectly associated (CVE-2025-43240)
* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31273)
* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31278)
* webkitgtk: Processing web content may lead to a denial-of-service (CVE-2025-43211)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43212)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43216)
* webkitgtk: Processing maliciously crafted web content may disclose sensitive user information (CVE-2025-43227)
* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-43265)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-31273
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to memory corruption.
CVE-2025-31278
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iPadOS 17.7.9, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.
CVE-2025-43211
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing web content may lead to a denial-of-service.
CVE-2025-43212
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2025-43216
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2025-43227
This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may disclose sensitive user information.
CVE-2025-43240
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, Safari 18. 6. A download's origin may be incorrectly associated.
CVE-2025-43265
An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may disclose internal states of the app.
CVE-2025-6558
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Solution: 

Update packages.

CVEs: 
CVE-2025-31273
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-31278
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-43211
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-43212
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-43216
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-43227
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-43240
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-43265
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-6558
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Additional Info: 

N/A

Download: 

SRPMS
  1. webkit2gtk3-2.48.5-1.el9_6.src.rpm
    MD5: 72555eca57050be88b892f3bf76dc5c5
    SHA-256: e553a9e2bd4b6e9606850b882f41f0d57fd02a10ad28214e98405cf4c6a510bc
    Size: 42.14 MB

Asianux Server 9 for x86_64
  1. webkit2gtk3-2.48.5-1.el9_6.i686.rpm
    MD5: e562a2603be89449f2b5495df057f77f
    SHA-256: 47f7126b9d75a6ad930eedf2d6343b9d38b34deb8501f286ac901931876f4de5
    Size: 32.35 MB
  2. webkit2gtk3-2.48.5-1.el9_6.x86_64.rpm
    MD5: f5bd3659483e34dd57035b239132107e
    SHA-256: fbd75b5b5d235beefa81452e0507bae823e7db96c54eb2f6d17caf775802f679
    Size: 26.78 MB
  3. webkit2gtk3-devel-2.48.5-1.el9_6.i686.rpm
    MD5: f8e0396c6f8f4a610df24867ccb374b3
    SHA-256: e259bc6ebbe934f7aa06e8eb141a827ee301e7db8ee3f242198a0c193fe58e38
    Size: 377.76 kB
  4. webkit2gtk3-devel-2.48.5-1.el9_6.x86_64.rpm
    MD5: 4af1d5e802b9b2600e97d1a442d03e32
    SHA-256: 4fd66420cb8d37eb8391dcf1a27130a9e4ec52d6670f600ea08a0aafc051d8af
    Size: 370.74 kB
  5. webkit2gtk3-jsc-2.48.5-1.el9_6.i686.rpm
    MD5: 8c2308d5d41dcb62930b69182f352b3b
    SHA-256: 62c094837a4bc68fd76795db92c642f12f611b0fd7ec55a7ac1e1602a6b5e9ca
    Size: 4.48 MB
  6. webkit2gtk3-jsc-2.48.5-1.el9_6.x86_64.rpm
    MD5: ec1d13329d69ed554abf6c09f87c8f04
    SHA-256: 435da62fcb11b02d4e3bc096a2cebaade6ca1d552d711ae63dfe4b216c7a6032
    Size: 8.54 MB
  7. webkit2gtk3-jsc-devel-2.48.5-1.el9_6.i686.rpm
    MD5: b2956b43951eee8aa024bc319e2534a7
    SHA-256: 1a5f50f42c2d721bf2fbf3f945848f5d01b7b9cbed9bde07d84ee9a32e00f97f
    Size: 187.94 kB
  8. webkit2gtk3-jsc-devel-2.48.5-1.el9_6.x86_64.rpm
    MD5: 2742fad07508a165d4a0ae09a2c0a9ae
    SHA-256: 740fde212ba6b46ccb5ddb91df8d10a3412bc54d6fa4b2aed21439b68c050270
    Size: 178.30 kB