ALSA-2025:22789
- Source
- https://errata.almalinux.org/8/ALSA-2025-22789.html
- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:22789.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ALSA-2025:22789
- Related
- Published
- 2025-12-08T00:00:00Z
- Modified
- 2026-01-30T00:43:52.264779Z
- Summary
- Important: webkit2gtk3 security update
- Details
-
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- webkit: WebKitGTK / WPE WebKit: Out-of-bounds read and integer underflow vulnerability leading to DoS (CVE-2025-13502)
- webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2023-43000)
- webkitgtk: A website may exfiltrate image data cross-origin (CVE-2025-43392)
- webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-43419)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43425)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43427)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43429)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43430)
- webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-43431)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43432)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43434)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43440)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43443)
- webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2025-43480)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43421)
- webkit: WebKitGTK: Remote user-assisted information disclosure via file drag-and-drop (CVE-2025-13947)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43458)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-66287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://access.redhat.com/errata/RHSA-2025:22789
- https://access.redhat.com/security/cve/CVE-2023-43000
- https://access.redhat.com/security/cve/CVE-2025-13502
- https://access.redhat.com/security/cve/CVE-2025-13947
- https://access.redhat.com/security/cve/CVE-2025-43392
- https://access.redhat.com/security/cve/CVE-2025-43419
- https://access.redhat.com/security/cve/CVE-2025-43421
- https://access.redhat.com/security/cve/CVE-2025-43425
- https://access.redhat.com/security/cve/CVE-2025-43427
- https://access.redhat.com/security/cve/CVE-2025-43429
- https://access.redhat.com/security/cve/CVE-2025-43430
- https://access.redhat.com/security/cve/CVE-2025-43431
- https://access.redhat.com/security/cve/CVE-2025-43432
- https://access.redhat.com/security/cve/CVE-2025-43434
- https://access.redhat.com/security/cve/CVE-2025-43440
- https://access.redhat.com/security/cve/CVE-2025-43443
- https://access.redhat.com/security/cve/CVE-2025-43458
- https://access.redhat.com/security/cve/CVE-2025-43480
- https://access.redhat.com/security/cve/CVE-2025-66287
- https://bugzilla.redhat.com/2416300
- https://bugzilla.redhat.com/2416324
- https://bugzilla.redhat.com/2416325
- https://bugzilla.redhat.com/2416326
- https://bugzilla.redhat.com/2416327
- https://bugzilla.redhat.com/2416329
- https://bugzilla.redhat.com/2416330
- https://bugzilla.redhat.com/2416331
- https://bugzilla.redhat.com/2416332
- https://bugzilla.redhat.com/2416334
- https://bugzilla.redhat.com/2416335
- https://bugzilla.redhat.com/2416336
- https://bugzilla.redhat.com/2416337
- https://bugzilla.redhat.com/2416338
- https://bugzilla.redhat.com/2416355
- https://bugzilla.redhat.com/2418576
- https://bugzilla.redhat.com/2418855
- https://bugzilla.redhat.com/2418857
- https://errata.almalinux.org/8/ALSA-2025-22789.html
Affected packages
AlmaLinux:8 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/almalinux/webkit2gtk3
AlmaLinux:8 / webkit2gtk3-devel
Package
- Name
- webkit2gtk3-devel
- Purl
- pkg:rpm/almalinux/webkit2gtk3-devel
AlmaLinux:8 / webkit2gtk3-jsc
Package
- Name
- webkit2gtk3-jsc
- Purl
- pkg:rpm/almalinux/webkit2gtk3-jsc