MGASA-2025-0325

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2025-0325.html

Import Source

https://advisories.mageia.org/MGASA-2025-0325.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2025-0325

Related

CVE-2025-13947
CVE-2025-43421
CVE-2025-43458
CVE-2025-66287

Published

2025-12-09T19:12:27Z

Modified

2025-12-09T19:15:51.844617Z

Summary

Updated webkit2 packages fix security vulnerabilities

Details

A website may be able to exfiltrate sensitive system information. Description: The issue was addressed through improved state checks - CVE-2025-13947. Processing maliciously crafted web content may lead to an unexpected process crash. Description: Multiple issues were addressed by disabling array allocation sinking - CVE-2025-43421. Processing maliciously crafted web content may lead to an unexpected process crash. Description: This issue was addressed through improved state management - CVE-2025-43458. Processing maliciously crafted web content may lead to an unexpected process crash. Description: The issue was addressed with improved memory handling - CVE-2025-66287.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / webkit2

Package

Name: webkit2
Purl: pkg:rpm/mageia/webkit2?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.50.3-1.mga9

Ecosystem specific

{
    "section": "core"
}