webkit2gtk3-2.48.1-1.el9_6
エラータID: AXSA:2025-10459:10
リリース日:
2025/07/14 Monday - 19:13
題名:
webkit2gtk3-2.48.1-1.el9_6
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- WebKitGTK には、チェック処理に問題があるため、ローカルの攻撃者
により、細工された Web コンテンツの処理を介して、サービス拒否攻撃
(クラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2024-44192)
- WebKitGTK には、Cookie データの処理に問題があるため、リモート
の攻撃者により、細工された Web サイトを閲覧させることを介して、
オリジン間でのデータの漏洩を可能とする脆弱性が存在します。
(CVE-2024-54467)
- WebKitGTK には、メモリ領域の範囲外アクセスの問題があるため、
リモートの攻撃者により、サービス拒否攻撃を可能とする脆弱性が存在
します。(CVE-2024-54551)
- WebKitGTK には、リモートの攻撃者により、クロスサイトスクリプ
ティング攻撃を可能とする脆弱性が存在します。(CVE-2025-24208)
- WebKitGTK には、バッファーオーバーフローの問題があるため、
リモートの攻撃者により、サービス拒否攻撃 (クラッシュの発生) を
可能とする脆弱性が存在します。(CVE-2025-24209)
- WebKitGTK には、メモリ領域の範囲外アクセスの問題があるため、
リモートの攻撃者により、サービス拒否攻撃 (クラッシュの発生) を
可能とする脆弱性が存在します。(CVE-2025-24216)
- WebKitGTK には、メモリ領域の解放後利用の問題があるため、
リモートの攻撃者により、サービス拒否攻撃 (クラッシュの発生) を
可能とする脆弱性が存在します。(CVE-2025-30427)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-44192
The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.
The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2024-54467
A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
CVE-2024-54551
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.
CVE-2025-24208
A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack.
A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack.
CVE-2025-24209
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash.
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-24216
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2025-30427
A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
追加情報:
N/A
ダウンロード:
SRPMS
- webkit2gtk3-2.48.1-1.el9_6.src.rpm
MD5: e892e8308f7c95dc5e8c8cef17408e0a
SHA-256: 29e77d5739b5afc038cd8b8adb04c11172c4b395e9a5507f439765bcd03b8d42
Size: 42.17 MB
Asianux Server 9 for x86_64
- webkit2gtk3-2.48.1-1.el9_6.i686.rpm
MD5: a137c54de5a4c452d30df5495cfe6752
SHA-256: 695ad4344b30ae3774681b2341d58105a8f0704f5d089148b52852de216b6714
Size: 32.33 MB - webkit2gtk3-2.48.1-1.el9_6.x86_64.rpm
MD5: 9345c263c131b802bd03b43e344a2b12
SHA-256: f6ee98ec10322f0314bb20958d2aa9ad6e7448a2133993390ff6a570cb24190f
Size: 26.72 MB - webkit2gtk3-devel-2.48.1-1.el9_6.i686.rpm
MD5: 65de5b65f0fb19258823665f982bde17
SHA-256: 600e3911701a4a6fbdbc4426c87db7d5f58f6977bdb7e439953f5e518cce85ee
Size: 378.10 kB - webkit2gtk3-devel-2.48.1-1.el9_6.x86_64.rpm
MD5: 825f0b4928f3bedbbf29e6db04e10f95
SHA-256: 610848e97532e6313028358f87b85a1c23577e751da0f5810ebb9eb503007cfe
Size: 371.21 kB - webkit2gtk3-jsc-2.48.1-1.el9_6.i686.rpm
MD5: 92e3eef76d6ae49ff272bfe63c0ca602
SHA-256: 8afa18ffe3cf1c7d379932195113de001c8b4dffa39200c5bab0d6151239645d
Size: 4.48 MB - webkit2gtk3-jsc-2.48.1-1.el9_6.x86_64.rpm
MD5: e29b502f4b8da96c8068387310b4d011
SHA-256: e48339b518d5c2f0d3eb7a1ecb3341582df4f2bd5728333e450caf0c1fe05651
Size: 4.71 MB - webkit2gtk3-jsc-devel-2.48.1-1.el9_6.i686.rpm
MD5: ab43ebce7cec75a3c1caa449e082339c
SHA-256: 8d53183487dff1e511ff7b30f64a317bb58d3cf37aa8030d91a5f152b5a66c9d
Size: 188.30 kB - webkit2gtk3-jsc-devel-2.48.1-1.el9_6.x86_64.rpm
MD5: 5dfa30a7741750c80ca473315a325afb
SHA-256: eb2c907e03cdd7aa7c494321cff3dedc90ef69d83583d31971c69c1f64645c3f
Size: 174.94 kB
English