Advisory: CLSA-2025:1767001828
OS: TuxCare 9.6 ESU
Public date: 2025-12-29 09:50:30.842959
Project: webkit2gtk3
Version: 2.50.3-1.el9_6.tuxcare.els1
Errata link: https://errata.tuxcare.com/els_os/tuxcare9.6esu/CLSA-2025-1767001828.html
- Update to 2.50.3 - Fix multiple security issues that could lead to crashes, memory corruption, or information disclosure when processing malicious web content: - CVE-2025-66287 - CVE-2025-43458 - CVE-2025-43421 - CVE-2025-13947 - Includes fixes previously released in version 2.50.2: - CVE-2025-13502: fix out-of-bounds read and integer underflow - CVE-2025-43443: fix unexpected process crash from malicious web content - CVE-2025-43440: fix DFG constant folding to skip unreachable blocks - CVE-2025-43434: fix use-after-free in WebAssembly globals and tables - CVE-2025-43432: fix use-after-free in WasmFunctionParser - CVE-2025-43431: fix dangling pointer in WebAssembly struct field types - CVE-2025-43430: fix BBQ JIT writing to incorrect stack slots - CVE-2025-43429: fix insufficient bounds checking in Unicode string handling - CVE-2025-43427: fix wrong jump table state handling that could lead to crashes - CVE-2025-43425: fix DFG node cloning flaw leading to crashes - CVE-2025-43392: fix cross-origin image data leak
Update command: dnf update webkit2gtk3*
webkit2gtk3-2.50.3-1.el9_6.tuxcare.els1.i686.rpm webkit2gtk3-2.50.3-1.el9_6.tuxcare.els1.x86_64.rpm webkit2gtk3-devel-2.50.3-1.el9_6.tuxcare.els1.i686.rpm webkit2gtk3-devel-2.50.3-1.el9_6.tuxcare.els1.x86_64.rpm webkit2gtk3-jsc-2.50.3-1.el9_6.tuxcare.els1.i686.rpm webkit2gtk3-jsc-2.50.3-1.el9_6.tuxcare.els1.x86_64.rpm webkit2gtk3-jsc-devel-2.50.3-1.el9_6.tuxcare.els1.i686.rpm webkit2gtk3-jsc-devel-2.50.3-1.el9_6.tuxcare.els1.x86_64.rpm