|
|
Subscribe / Log in / New account

Fedora alert FEDORA-2025-61ca72f430 (webkitgtk)



From:
              updates--- via package-announce <package-announce@lists.fedoraproject.org>


To:
              package-announce@lists.fedoraproject.org


Subject:
              [SECURITY] Fedora 42 Update: webkitgtk-2.48.5-1.fc42


Date:
              Fri, 08 Aug 2025 00:55:29 +0000


Message-ID:
              <20250808005529.2B98688A93@bastion01.rdu3.fedoraproject.org>


Archive-link:
              Article


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-61ca72f430
2025-08-08 00:53:07.924008+00:00
--------------------------------------------------------------------------------

Name        : webkitgtk
Product     : Fedora 42
Version     : 2.48.5
Release     : 1.fc42
URL         : https://www.webkitgtk.org/
Summary     : GTK web content engine library
Description :
WebKitGTK is the port of the WebKit web rendering engine to the
GTK platform.

--------------------------------------------------------------------------------
Update Information:

Update to 2.48.5. Changes since 2.48.3:
Improve emoji font selection.
Improve playback of multimedia streams from blob URLs.
Fix crash when using a WebKitWebView widget in an offscreen window.
Fix several crashes and rendering issues.
CVE-2025-31273, CVE-2025-31278, CVE-2025-43211, CVE-2025-43212, CVE-2025-43216,
CVE-2025-43227, CVE-2025-43240, CVE-2025-43265, CVE-2025-6558
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug  5 2025 Michael Catanzaro <mcatanzaro@redhat.com> - 2.48.5-1
- Update to 2.48.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2386383 - CVE-2025-43265 webkitgtk: Processing maliciously crafted web content may
disclose internal states of the app [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2386383
  [ 2 ] Bug #2386384 - CVE-2025-43227 webkitgtk: Processing maliciously crafted web content may
disclose sensitive user information [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2386384
  [ 3 ] Bug #2386387 - CVE-2025-43216 webkitgtk: Processing maliciously crafted web content may
lead to an unexpected Safari crash [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2386387
  [ 4 ] Bug #2386390 - CVE-2025-43212 webkitgtk: Processing maliciously crafted web content may
lead to an unexpected Safari crash [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2386390
  [ 5 ] Bug #2386397 - CVE-2025-43211 webkitgtk: Processing web content may lead to a
denial-of-service [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2386397
  [ 6 ] Bug #2386406 - CVE-2025-31278 webkitgtk: Processing maliciously crafted web content may
lead to memory corruption [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2386406
  [ 7 ] Bug #2386409 - CVE-2025-31273 webkitgtk: Processing maliciously crafted web content may
lead to memory corruption [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2386409
  [ 8 ] Bug #2386415 - CVE-2025-43240 webkitgtk: A download’s origin may be incorrectly associated
[epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2386415
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-61ca72f430' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





Attachment: None (type=text/plain)

-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds