|
|
Log in / Subscribe / Register

Debian alert DLA-4399-1 (webkit2gtk)



From:
              Emilio Pozuelo Monfort <pochu@debian.org>


To:
              <debian-lts-announce@lists.debian.org>


Subject:
              [SECURITY] [DLA 4399-1] webkit2gtk security update


Date:
              Wed, 10 Dec 2025 09:05:39 +0100


Message-ID:
              <20251210080539.6FD535F00082@kamino>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4399-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
December 10, 2025                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : webkit2gtk
Version        : 2.50.3-1~deb11u1
CVE ID         : CVE-2025-13947 CVE-2025-43421 CVE-2025-43458 CVE-2025-66287

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2025-13947

    Janet Black discovered that a website may be able to exfiltrate
    sensitive system information.

CVE-2025-43421

    Nan Wang discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

CVE-2025-43458

    Phil Beauvoir discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

CVE-2025-66287

    Stanislav Fort discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

For Debian 11 bullseye, these problems have been fixed in version
2.50.3-1~deb11u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmk5KdAACgkQnUbEiOQ2
gwJ6hA//SA5bqgjvC6XlqXbbvqzJmpIPZkB09B/xXteO1W4o9tt+shUps9mYAhzs
bxUYSlaShRdNzNj8drHW1yLsKmhFTW7ojtSzxa9mVBtQp0E1C1BJK8ZD+Ol96ZEw
pIpLK//2kwhlv2E6CRTIM3k+ilJGZODxZKRQyiQnZQHV5rMzmhLwlNdDphiN01Tb
rnrNL5ZQ3rddYUlQEVzozJChmrXMIpj6193bNC+k82ntKX+sRihdNzpf4yGYjI3H
z8b0KdnuoYzju68J6Ebjv4m6ux5ES2e8tKk4cpUkQXq3qIEV9DLlQPFfC4nJmJRU
bnXyxBqJlrOQxJ8Ju57KiZybrLgZZEAqwAAolfq98UQiBURDGrcynamYI/NUaUgr
68/cCRMdkX9H8xnMxbOTREd6IW7wCHpWhqfuooXlfIwLmGTdOKomfLwTFpx35arc
v1NjGRbOzIuHE+4mrN1ZVbk+hMTHRAp57YXdVOSU8d2pRuaMdLsmg1RqCC91J9P9
4oNUn4ONac1MHQzrxeNmVskm0I8FKDcTZYlS4GJWt+ScE7Egf3lSYX0Hj1rAATKi
X4nDZAg4hblYpJG0sThJPpfl5MwD0bx9uejXKDsONSKqiBuZYuIgpJmE8qwUyMGX
UWFcdPmkNcR1ZE2NeEuo+m7JbjKM8P0ztGUMvxzL8XjQSoola9M=
=MqGH
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds