|
|
Log in / Subscribe / Register

Debian alert DSA-6074-1 (webkit2gtk)



From:
              Alberto Garcia <berto@debian.org>


To:
              debian-security-announce@lists.debian.org


Subject:
              [SECURITY] [DSA 6074-1] webkit2gtk security update


Date:
              Tue, 09 Dec 2025 17:17:32 +0000


Message-ID:
              <aThZrPlJy1DfM6oZ@seger.debian.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6074-1                   security@debian.org
https://www.debian.org/security/                           Alberto Garcia
December 09, 2025                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : webkit2gtk
CVE ID         : CVE-2025-13947 CVE-2025-43421 CVE-2025-43458 CVE-2025-66287

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2025-13947

    Janet Black discovered that a website may be able to exfiltrate
    sensitive system information.

CVE-2025-43421

    Nan Wang discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

CVE-2025-43458

    Phil Beauvoir discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

CVE-2025-66287

    Stanislav Fort discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

For the oldstable distribution (bookworm), these problems have been fixed
in version 2.50.3-1~deb12u1.

For the stable distribution (trixie), these problems have been fixed in
version 2.50.3-1~deb13u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmk4VRYACgkQAAyEYu0C
2AL3pw//QQaTk5+1QpJuSozP2yuhZpaI1dVRzk+ohnOXNy9+Gjiyg1mYcLk7sNka
aJc524BENCDJgqatUUAlX0fO8APMsLBtlsgSgLwMg8ooLMijG33ERgw8JyASWWgS
oJAEpLXWXw0K9dF4NFETToVUMi8c5+0fJADfO7Bn6DYXRcO/0w2IrpgnmBPuelmS
auw+i18NuPpWsdkyLpDmlyRuJ+IKGKKbvteqqp1MsyUwKwT8pZN6iSgm2tFwBvka
EpJocX/Y+r8q1ptViAUo0HNFeriKnrO5zTCbOGuxI6T8ZeGylxalrUj7b11GYqw3
oUyXGcqmf5FSlc1ZNWwQTPqXWutLsbxwbI6L4oRMQiBM+xskO405gMZABZR4uXm6
CoIxnwW75uPB9a/ygiRoQCU9/4tcldsurpEkrkToThl/q4UsBEZa8yHcypkoFbP0
QdsfDQV/ZQzH5M9dd2rHUS+3jXyr6UjVIjODNexMXS3LVHnJ31BeiYpPGIwARbh6
I6kX8Ns5Z13Wkaix+FCd4UmKxJBQ1yWn536mJri2UMpLXrFIMK5gmburRZytnwhY
zC4WU8l1590qMH4LfanpzccGT2cQ8HL2x3Km4WHCOrkLYlDRnwp8ypyH3AacohYv
swEeiv+ScYYCIMHvpP/4EkFZuNmq+JSpkfLo+Iu2k2r0ZU9QVy0=
=E6jG
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds