webkit2gtk3-2.48.1-1.el9_5
エラータID: AXSA:2025-9847:07
リリース日:
2025/04/10 Thursday - 20:24
題名:
webkit2gtk3-2.48.1-1.el9_5
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- WebKitGTK には、チェック処理に問題があるため、ローカルの攻撃者
により、細工された Web コンテンツの処理を介して、サービス拒否攻撃
(クラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2024-44192)
- WebKitGTK には、Cookie データの処理に問題があるため、リモート
の攻撃者により、細工された Web サイトを閲覧させることを介して、
オリジン間でのデータの漏洩を可能とする脆弱性が存在します。
(CVE-2024-54467)
- WebKitGTK には、メモリ領域の範囲外アクセスの問題があるため、
リモートの攻撃者により、サービス拒否攻撃を可能とする脆弱性が存在
します。(CVE-2024-54551)
- WebKitGTK には、リモートの攻撃者により、クロスサイト
スクリプティング攻撃を可能とする脆弱性が存在します。
(CVE-2025-24208)
- WebKitGTK には、バッファーオーバーフローの問題があるため、
リモートの攻撃者により、サービス拒否攻撃 (クラッシュの発生) を
可能とする脆弱性が存在します。(CVE-2025-24209)
- WebKitGTK には、メモリ領域の範囲外アクセスの問題があるため、
リモートの攻撃者により、サービス拒否攻撃 (クラッシュの発生) を
可能とする脆弱性が存在します。(CVE-2025-24216)
- WebKitGTK には、メモリ領域の解放後利用の問題があるため、
リモートの攻撃者により、サービス拒否攻撃 (クラッシュの発生) を
可能とする脆弱性が存在します。(CVE-2025-30427)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-44192
The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.
The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2024-54467
A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
CVE-2024-54551
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.
CVE-2025-24208
A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack.
A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack.
CVE-2025-24209
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash.
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-24216
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2025-30427
A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
追加情報:
N/A
ダウンロード:
SRPMS
- webkit2gtk3-2.48.1-1.el9_5.src.rpm
MD5: c27aa1b18694ba4345c3736502a5f297
SHA-256: 1868f2cd4519bf78b3439468e1adfb074b7e9ac201cf572b837804b3a2b252e0
Size: 42.17 MB
Asianux Server 9 for x86_64
- webkit2gtk3-2.48.1-1.el9_5.i686.rpm
MD5: 3f61487fb80121a5b2dd4317989fbe1f
SHA-256: 7ac925b438d75b42f0b631e22182ec2da393e8568247ceb656320f48bad5f230
Size: 32.33 MB - webkit2gtk3-2.48.1-1.el9_5.x86_64.rpm
MD5: c375cb9ac3c4a1c528c8765bb6f4387b
SHA-256: a1a5037545f77a13db30b6109a1784d11c38c1b0582d4398191c771b63600e6d
Size: 26.75 MB - webkit2gtk3-devel-2.48.1-1.el9_5.i686.rpm
MD5: b38a5d3833fdb7f6aae1b02ba4680eaf
SHA-256: c6f8f44c38da26ef81f57b7cab8bc936438866b124c49881cfe848c6ae74e9a7
Size: 378.21 kB - webkit2gtk3-devel-2.48.1-1.el9_5.x86_64.rpm
MD5: 4de5af243557baff8e66401c0bfbe16b
SHA-256: 54a9975c127f28bed27736eb3213ae8e03b67ce619cc2a2f1c1f2e89d1852e16
Size: 371.03 kB - webkit2gtk3-jsc-2.48.1-1.el9_5.i686.rpm
MD5: 3e58db89ff5d93d7cb30ec8e938f3a82
SHA-256: d138475c92ed4cd30ba7a176f856c9cf857a61da3c2f985607ec55e28033c1de
Size: 4.48 MB - webkit2gtk3-jsc-2.48.1-1.el9_5.x86_64.rpm
MD5: 16f31ef311fd51776e08e133bf281085
SHA-256: 4b51f618a7c3eaf0c13ba4a25530d18db8fa2088156c6b00663365287d149414
Size: 4.71 MB - webkit2gtk3-jsc-devel-2.48.1-1.el9_5.i686.rpm
MD5: 318a50bf7cb3796e0394423a1412127f
SHA-256: f1d89679786b849158dd4142960e6eb5988152e8f66a4e8065346c11786180ff
Size: 188.34 kB - webkit2gtk3-jsc-devel-2.48.1-1.el9_5.x86_64.rpm
MD5: a59111d67b81d978ecdc7a272ac8eb9e
SHA-256: f311703d7f2422ab084e7be8f51c54e2a56f7d82507565b3233a597d6da129b8
Size: 175.17 kB
English