Debian alert DSA-6042-1 (webkit2gtk)
| From: | Alberto Garcia <berto@debian.org> | |
| To: | debian-security-announce@lists.debian.org | |
| Subject: | [SECURITY] [DSA 6042-1] webkit2gtk security update | |
| Date: | Tue, 28 Oct 2025 10:57:39 +0000 | |
| Message-ID: | <aQCho81F17M1KKyi@seger.debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6042-1 security@debian.org https://www.debian.org/security/ Alberto Garcia October 28, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : webkit2gtk CVE ID : CVE-2025-43272 CVE-2025-43342 CVE-2025-43343 CVE-2025-43356 CVE-2025-43368 The following vulnerabilities have been discovered in the WebKitGTK web engine: CVE-2025-43272 Big Bear discovered that processing maliciously crafted web content may lead to an unexpected process crash. CVE-2025-43342 An anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected process crash. CVE-2025-43343 An anonymous researcher discovered that processing maliciously crafted web content may lead to an unexpected process crash. CVE-2025-43356 Jaydev Ahire discovered that a website may be able to access sensor information without user consent. CVE-2025-43368 Pawel Wylecial discovered that processing maliciously crafted web content may lead to an unexpected process crash. This WebKitGTK update causes a compatibility problem with older versions of Evolution when handling e-mail attachments. For this reason, fixed versions of Evolution have also been released along with this WebKitGTK update. For the oldstable distribution (bookworm), these problems have been fixed in version 2.50.1-1~deb12u1. For the stable distribution (trixie), these problems have been fixed in version 2.50.1-1~deb13u1. We recommend that you upgrade your webkit2gtk packages. For the detailed security status of webkit2gtk please refer to its security tracker page at: https://security-tracker.debian.org/tracker/webkit2gtk Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmkAoVkACgkQAAyEYu0C 2AJxfQ//bNXepToCzRm0pyrXz8PLfT4qUqamGcsIcjDOEYkeF3tJTD1jZ7Iq9yMC 1VgBoqPjt5LlCSt8i1jKMaoS1MaY+uH/uEOEy8+v3Nr+qoNoZK4G3/U9f8x5weGx eu2Dj4qMffzBlEMqQqeQn9WpTI9loLdMBeKsEg1ZrZSBPPaLDANCee15hJFHBnZ1 PlseePmMWHgWjJIqrXjPgkTrOsQ134nxetmup8B4iwNDG7n4b2TjAg3rpatCXnoP bqTJWbL4BbCMluIxbfQF4wPopv4xLRfqmCMlO2pq7LmmuFzhWR6bgkVMi3x9nlJ2 olLu5jKcEpSqLaVvgDvxOx+89gyk2wQUrFW/KfGB3Hzr8VY7fJ74iqh6lIO1IoGx tDDIrahZymtnhueY7ONotFQP9BHkw1H/4mpQ0GnFZ2ihDTGVpcWq9Lk0Eknhwi1T LDFU2U5n+U75ixTwDMJiKS7GfntJjbM+esDbDbuHUw3odnxLJhe6SAZxHp4Kmccq psNIHXYFrvjj+0tm7s+D7lPcHwN26Dc99shZAPwyJbtuHV1o/PjG3kPwWyDvLz2O tBzJQK+T8d3JaJ29lI0Uz1pVuXlbXOoIjdaMtEn6VncixC709Izu/+oSxodwB279 S8NozW6EwOJxl5IO95MW8U3rTSTiZ2879gV7+R38tws5tde4it0= =5F73 -----END PGP SIGNATURE-----