webkit2gtk3-2.50.4-1.el8_10.ML.1

エラータID: AXSA:2025-11613:22

Release date: 
Thursday, December 25, 2025 - 11:39
Subject: 
webkit2gtk3-2.50.4-1.el8_10.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: webkitgtk: Use-after-free due to improper memory management (CVE-2025-43529)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43501)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43531)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43535)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43536)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43541)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-43501
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43529
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
CVE-2025-43531
A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43535
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43536
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43541
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Solution: 

Update packages.

CVEs: 
CVE-2025-43501
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43529
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
CVE-2025-43531
A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43535
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43536
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43541
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Additional Info: 

N/A

Download: 

SRPMS
  1. webkit2gtk3-2.50.4-1.el8_10.ML.1.src.rpm
    MD5: 0058f37011e4ec8a5f661e7e518beeab
    SHA-256: 920f4a07d93d8045556c6ca5275f77038b81e20914893cea3216193a8fde6717
    Size: 43.25 MB

Asianux Server 8 for x86_64
  1. webkit2gtk3-2.50.4-1.el8_10.ML.1.i686.rpm
    MD5: fad49254090e794723ce52b30f1a6c56
    SHA-256: 63622cc4f52bcd9f3a61027306bb6b8c1b9bdd64f6d98685fbc2aefb90fc20fe
    Size: 27.10 MB
  2. webkit2gtk3-2.50.4-1.el8_10.ML.1.x86_64.rpm
    MD5: e8010a96380cb243b959601e2114a36c
    SHA-256: 1b187d6a80846ac8a694cce84c58fd2b068ea17f5e8de44a8fe599db1f06affc
    Size: 26.85 MB
  3. webkit2gtk3-devel-2.50.4-1.el8_10.ML.1.i686.rpm
    MD5: 65908b2b394aebee23bd441b85df9407
    SHA-256: 14e6462819b3c375d99726e6f3a8daf0d54e42085fd4b1fffddf11dec2d86ce6
    Size: 308.08 kB
  4. webkit2gtk3-devel-2.50.4-1.el8_10.ML.1.x86_64.rpm
    MD5: a0bf51a5b8a3283c49f826b3b454ea34
    SHA-256: 231e3696fafa25be3e6cf6919f66b912ed84d9a5e4200d9d970da7f6d480c9f6
    Size: 309.84 kB
  5. webkit2gtk3-jsc-2.50.4-1.el8_10.ML.1.i686.rpm
    MD5: 44ea8f5e3fc37584fce019b8fd13f523
    SHA-256: d55b93a957773e269f1279c7be3cf4caaa7289145853b39c793878e9cae3a203
    Size: 4.09 MB
  6. webkit2gtk3-jsc-2.50.4-1.el8_10.ML.1.x86_64.rpm
    MD5: 21592d0286773e6f76398eb4f5204948
    SHA-256: 8c5a4dd096f897dde04536ed9d0d934ca6d6d2c41c086d7f07f5908ea77c8deb
    Size: 8.09 MB
  7. webkit2gtk3-jsc-devel-2.50.4-1.el8_10.ML.1.i686.rpm
    MD5: 487365f15bbca693abf28660e2859aef
    SHA-256: d923a2e5de89da623041f37f195890cf7816e4ed26e1afcb6b9c650ec53d8af2
    Size: 166.61 kB
  8. webkit2gtk3-jsc-devel-2.50.4-1.el8_10.ML.1.x86_64.rpm
    MD5: af73f8c9eff971a53be0979c31502551
    SHA-256: e4d9300701961d04feac29ed4b6c47ad625ead7d49dd14dfdfb22e5e794fe5bd
    Size: 163.77 kB