webkit2gtk3-2.52.4-1.el8_10.ML.1

エラータID: AXSA:2026-799:03

Release date: 
Friday, June 19, 2026 - 09:39
Subject: 
webkit2gtk3-2.52.4-1.el8_10.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28946)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28847)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28883)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28901)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28902)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28903)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28904)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28905)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-28907)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28942)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28947)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28953)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28955)
* webkitgtk: An app may be able to access sensitive user data (CVE-2026-28958)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-43658)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-43660)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-28847
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-28883
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-28901
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-28902
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-28903
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-28904
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-28905
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-28907
The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
CVE-2026-28942
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2026-28946
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, macOS Tahoe 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2026-28947
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2026-28953
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-28955
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-28958
This issue was addressed with improved data protection. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data.
CVE-2026-43658
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2026-43660
A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Solution: 

Update packages.

CVEs: 
CVE-2026-28847
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-28883
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-28901
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-28902
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-28903
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-28904
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-28905
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-28907
The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
CVE-2026-28942
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2026-28946
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, macOS Tahoe 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Additional Info: 

N/A

Download: 

SRPMS
  1. webkit2gtk3-2.52.4-1.el8_10.ML.1.src.rpm
    MD5: 13f647676fec2e8a8a9ac6811698c656
    SHA-256: 8002ce9882bebf5c25fe321e8b124aaf5a0fc0a440d2ab6db0e1855501293e0c
    Size: 62.17 MB

Asianux Server 8 for x86_64
  1. webkit2gtk3-2.52.4-1.el8_10.ML.1.i686.rpm
    MD5: 6400ca105903b7b85765d3f3f544cb43
    SHA-256: 7d55383d79a6a4136cbec66b94bdd3a356213615545478b3a2607595196ff91e
    Size: 28.36 MB
  2. webkit2gtk3-2.52.4-1.el8_10.ML.1.x86_64.rpm
    MD5: 1a4251f0541909f074964e776ca54731
    SHA-256: f706af05fd6a0cdeded9a0045a89bfb60c7f4f57f9aed61a78482a1f2ec69b58
    Size: 28.35 MB
  3. webkit2gtk3-devel-2.52.4-1.el8_10.ML.1.i686.rpm
    MD5: f385479becbaef52579ff4153c75a3a4
    SHA-256: 5278f1c82fc88fde055112b6f498b64a65b8d01ac429d17d2ac450157c37d7e6
    Size: 309.71 kB
  4. webkit2gtk3-devel-2.52.4-1.el8_10.ML.1.x86_64.rpm
    MD5: 41a5c22c9fa368575518e0eb2f091527
    SHA-256: 5cd28a6625e32c6d0978faebb9d56f7dcccba9b628aff4bb3c7bff2a093bfb67
    Size: 311.49 kB
  5. webkit2gtk3-jsc-2.52.4-1.el8_10.ML.1.i686.rpm
    MD5: 23ff4e4435849ce9def4febdc2213fa5
    SHA-256: 45127d8ed94d488b09f09925adfcf75e8a4109fe04fc3f45f58231020aeb7883
    Size: 4.29 MB
  6. webkit2gtk3-jsc-2.52.4-1.el8_10.ML.1.x86_64.rpm
    MD5: 1863039ce0d5d5bdcc497e5c85828947
    SHA-256: 65d6b2affa7ad3df0dd662a0a08eb77cf02f6d7fd11d880241c0a4d702a0cc37
    Size: 8.58 MB
  7. webkit2gtk3-jsc-devel-2.52.4-1.el8_10.ML.1.i686.rpm
    MD5: cfa55625200a0eb4d74ae2d739b5aab3
    SHA-256: 5c08445c804ae5e946fe2e92ed2b006bfda2db516f54e6d879b900d89c11b51e
    Size: 167.50 kB
  8. webkit2gtk3-jsc-devel-2.52.4-1.el8_10.ML.1.x86_64.rpm
    MD5: ab7b9e536a7d2f078c93dda2d753e073
    SHA-256: b738e0ee1739e13fa02c5c855827428181f37cb0272e380d2985167fe156ba85
    Size: 167.98 kB