Release Info

Advisory: CLSA-2025:1756751564

OS: AlmaLinux 9.2 ESU

Public date: 2025-09-01 18:32:46.61958

Project: webkit2gtk3

Version: 2.48.5-1.el9.tuxcare.els1

Errata link: https://errata.tuxcare.com/els_os/almalinux9.2esu/CLSA-2025-1756751564.html

Changelog

- Update to 2.48.5. The following CVEs were fixed: - CVE-2025-6558: fix processing maliciously crafted web content which may lead to an unexpected Safari crash - CVE-2025-31273: fix processing maliciously crafted web content which may lead to memory corruption - CVE-2025-31278: fix processing maliciously crafted web content which may lead to memory corruption - CVE-2025-43212: fix processing maliciously crafted web content which may lead to an unexpected Safari crash - CVE-2025-43216: fix processing maliciously crafted web content which may lead to an unexpected Safari crash - CVE-2025-43228: fix issue with visiting a malicious website which may lead to address bar spoofing - CVE-2025-24189: fix processing maliciously crafted web content which may lead to memory corruption - CVE-2025-31205: fix issue with a malicious website which may exfiltrate data cross-origin - CVE-2025-24208: fix loading a malicious iframe which may lead to a cross-site scripting attack - CVE-2024-54551: fix processing web content which may lead to a denial-of-service - CVE-2024-44192: fix processing maliciously crafted web content which may lead to an unexpected process crash - CVE-2024-54467: fix issue with a malicious website which may exfiltrate data cross-origin - CVE-2025-24162: fix processing maliciously crafted web content which may lead to an unexpected process crash - CVE-2024-54502: fix processing maliciously crafted web content which may lead to an unexpected process crash - CVE-2024-44244: fix processing maliciously crafted web content which may lead to an unexpected process crash - CVE-2024-44185: fix processing maliciously crafted web content which may lead to an unexpected process crash - CVE-2024-44187: fix issue wit a malicious website may exfiltrate data cross-origin - CVE-2024-40866: fix issue with visiting a malicious website which may lead to address bar spoofing

Update

Update command: dnf update webkit2gtk3*

Packages list

webkit2gtk3-2.48.5-1.el9.tuxcare.els1.x86_64.rpm webkit2gtk3-devel-2.48.5-1.el9.tuxcare.els1.x86_64.rpm webkit2gtk3-jsc-2.48.5-1.el9.tuxcare.els1.x86_64.rpm webkit2gtk3-jsc-devel-2.48.5-1.el9.tuxcare.els1.x86_64.rpm

CVEs

CVE-2024-44192
CVE-2024-44244
CVE-2024-40866
CVE-2024-54502
CVE-2024-44185
CVE-2024-54467
CVE-2025-24162
CVE-2025-31278
CVE-2025-43216
CVE-2025-43212
CVE-2025-6558
CVE-2025-31273
CVE-2025-24189
CVE-2025-31205
CVE-2025-24208
CVE-2024-54551
CVE-2024-44187