webkit2gtk3-2.48.5-1.el8_10.ML.1

エラータID: AXSA:2025-10757:15

リリース日: 
2025/08/20 Wednesday - 09:24
題名: 
webkit2gtk3-2.48.5-1.el8_10.ML.1
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* angle: insufficient input validation can cause undefined behavior (CVE-2025-6558)
* webkitgtk: A download?s origin may be incorrectly associated (CVE-2025-43240)
* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31273)
* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31278)
* webkitgtk: Processing web content may lead to a denial-of-service (CVE-2025-43211)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43212)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43216)
* webkitgtk: Processing maliciously crafted web content may disclose sensitive user information (CVE-2025-43227)
* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-43265)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-31273
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to memory corruption.
CVE-2025-31278
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iPadOS 17.7.9, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.
CVE-2025-43211
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iPadOS 17.7.9, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing web content may lead to a denial-of-service.
CVE-2025-43212
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2025-43216
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2025-43227
This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may disclose sensitive user information.
CVE-2025-43240
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, Safari 18. 6. A download's origin may be incorrectly associated.
CVE-2025-43265
An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may disclose internal states of the app.
CVE-2025-6558
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

解決策: 

Update packages.

CVE: 
CVE-2025-31273
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-31278
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-43211
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-43212
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-43216
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-43227
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-43240
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-43265
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2025-6558
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. webkit2gtk3-2.48.5-1.el8_10.ML.1.src.rpm
    MD5: 111f9e50084076d21409e911aaeda5b8
    SHA-256: 937bf21ed386ae957edbda4a1f6a445c1ec18d40250f6b372771b9abb1d26b1f
    Size: 42.15 MB

Asianux Server 8 for x86_64
  1. webkit2gtk3-2.48.5-1.el8_10.ML.1.i686.rpm
    MD5: 7ffe75dd044250ba1c1b344120ce3bf2
    SHA-256: 2e3219d79fa3078e422a1dc394071980c12702913bb215431ed19962efd02f03
    Size: 26.53 MB
  2. webkit2gtk3-2.48.5-1.el8_10.ML.1.x86_64.rpm
    MD5: a4d842f8a32de765e3059844f912e309
    SHA-256: 79a9119713860179ec05a64cbe878eaf9f9cde540360765c737ce39d32a61fff
    Size: 26.41 MB
  3. webkit2gtk3-devel-2.48.5-1.el8_10.ML.1.i686.rpm
    MD5: 5b4257e277938ce7a7dcb03fd19f466f
    SHA-256: 23ef574fabb004fc2882ed027520d97a230941d7c56a0833106475e634d9a32e
    Size: 307.63 kB
  4. webkit2gtk3-devel-2.48.5-1.el8_10.ML.1.x86_64.rpm
    MD5: ec988181cf47f02d8b0e6ff239e85c06
    SHA-256: ede4a05c125e7bb06058ea4b9814866a95fdc194df43968d5bd5861f0cf65d6d
    Size: 309.25 kB
  5. webkit2gtk3-jsc-2.48.5-1.el8_10.ML.1.i686.rpm
    MD5: 1392196a8156e102b3223d14150665e3
    SHA-256: e7707de785f88b2a96e9186a68d2317d0cd6df28d69ef60c879724c4d9881854
    Size: 3.87 MB
  6. webkit2gtk3-jsc-2.48.5-1.el8_10.ML.1.x86_64.rpm
    MD5: 0fea6ff17aa6b907cb9174dcdc22374f
    SHA-256: f459ff72d2a0d7310ac1fd6f549ec3dc243903a878e2bb3fa60a7ff9401bfc12
    Size: 7.71 MB
  7. webkit2gtk3-jsc-devel-2.48.5-1.el8_10.ML.1.i686.rpm
    MD5: e882e15e329e0490646bd93f23616b12
    SHA-256: b320128cd8365fa6fc32df2c3e7474654c544b704d84ad96bec294993757bbdf
    Size: 165.08 kB
  8. webkit2gtk3-jsc-devel-2.48.5-1.el8_10.ML.1.x86_64.rpm
    MD5: 9d79f4ef4e002c19ca379df0c3e30486
    SHA-256: 95b678d6ff50f24e494de99d3220819f079dbf8b78cde899c69c8974e22025c0
    Size: 162.38 kB