Mageia alert MGASA-2025-0325 (webkit2)
| From: | Mageia Updates <updates-announce@ml.mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2025-0325: Updated webkit2 packages fix security vulnerabilities | |
| Date: | Tue, 09 Dec 2025 20:13:05 +0100 | |
| Message-ID: | <20251209191305.C520F9FABD@duvel.mageia.org> | |
| Archive-link: | Article |
MGASA-2025-0325 - Updated webkit2 packages fix security vulnerabilities Publication date: 09 Dec 2025 URL: https://advisories.mageia.org/MGASA-2025-0325.html Type: security Affected Mageia releases: 9 CVE: CVE-2025-13947, CVE-2025-43421, CVE-2025-43458, CVE-2025-66287 Description: A website may be able to exfiltrate sensitive system information. Description: The issue was addressed through improved state checks - CVE-2025-13947. Processing maliciously crafted web content may lead to an unexpected process crash. Description: Multiple issues were addressed by disabling array allocation sinking - CVE-2025-43421. Processing maliciously crafted web content may lead to an unexpected process crash. Description: This issue was addressed through improved state management - CVE-2025-43458. Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling - CVE-2025-66287. References: - https://bugs.mageia.org/show_bug.cgi?id=34802 - https://webkitgtk.org/security/WSA-2025-0009.html - https://webkitgtk.org/2025/12/04/webkitgtk2.50.3-released... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6... SRPMS: - 9/core/webkit2-2.50.3-1.mga9