webkit2gtk3-2.50.4-1.el9_7

エラータID: AXSA:2025-11641:23

リリース日: 
2025/12/26 Friday - 20:00
題名: 
webkit2gtk3-2.50.4-1.el9_7
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: webkitgtk: Use-after-free due to improper memory management (CVE-2025-43529)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43501)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43531)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43535)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43536)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43541)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-43501
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43529
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
CVE-2025-43531
A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43535
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43536
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43541
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.

解決策: 

Update packages.

CVE: 
CVE-2025-43501
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43529
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
CVE-2025-43531
A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43535
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43536
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2025-43541
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. webkit2gtk3-2.50.4-1.el9_7.src.rpm
    MD5: 6efc34c0d9482ddca2ab6efcbe4da02e
    SHA-256: fe75054cf6ee3159d10facda669061eeda25f9380c21c3e12d7e0099d34b38bb
    Size: 43.23 MB

Asianux Server 9 for x86_64
  1. webkit2gtk3-2.50.4-1.el9_7.i686.rpm
    MD5: aebc20828afa205cbc63816c03f38ef7
    SHA-256: 3aa6ee83d6e297d34b4d8b8a2bf6141d3524834a4aec2c1af4f2722a91ff2ad5
    Size: 26.72 MB
  2. webkit2gtk3-2.50.4-1.el9_7.x86_64.rpm
    MD5: 0b8a4b9782484ab3864dafce57632098
    SHA-256: b78c44b3a6401954a5e4582cfd2c299c91419356a9a240bd41be4744ca114980
    Size: 27.47 MB
  3. webkit2gtk3-devel-2.50.4-1.el9_7.i686.rpm
    MD5: 9f11b667f618d7d1ab7a8c772b7545ea
    SHA-256: 2aa8a708ef673e7fd270e70b58d7d02b4484551e918422adb25fe39521f2c69b
    Size: 370.83 kB
  4. webkit2gtk3-devel-2.50.4-1.el9_7.x86_64.rpm
    MD5: 0830f8bfe17aa110be0a75b6918da95f
    SHA-256: 58fe59fd425faa63a07c04fbb19c1666b70fabd3e261a420c8f4823c4634877c
    Size: 369.11 kB
  5. webkit2gtk3-jsc-2.50.4-1.el9_7.i686.rpm
    MD5: 29021ff3c8acde552ebb9e03eff53f3e
    SHA-256: 90bbb7c3f7554f18a22552596fa390021b8db4fcc38b36c52f9de9d442134fc6
    Size: 3.97 MB
  6. webkit2gtk3-jsc-2.50.4-1.el9_7.x86_64.rpm
    MD5: c72281966ef99e82db49786976ab0673
    SHA-256: 8b3f195f1a0830e748ce9cd3e2c8e2939396ff8ad2f67e812d98fadac15abb76
    Size: 8.62 MB
  7. webkit2gtk3-jsc-devel-2.50.4-1.el9_7.i686.rpm
    MD5: 51d4fe1e4056087c6ab79502df9b3cfb
    SHA-256: 27d71dd6d02c38e5c90cc42f58db84755115d8853ed45ca88a313774ce39372b
    Size: 170.55 kB
  8. webkit2gtk3-jsc-devel-2.50.4-1.el9_7.x86_64.rpm
    MD5: 16eace814b0be5650c63d2b3cb681b5f
    SHA-256: de3c7ece44c3037c006b972671c1fa3ae0a2523fef1609d7cb95c621bcc12101
    Size: 160.65 kB