CLSA-2026-1777543457
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1777543457.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2026-1777543457
- Upstream
- Published
- 2026-04-30T10:10:15Z
- Modified
- 2026-06-01T00:32:49.817065835Z
- Summary
- webkit2gtk3: Fix of 9 CVEs
- Details
-
- Update to 2.50.6 to fix the following vulnerabilities (WSA-2026-0001):
- CVE-2025-43213: type confusion in JavaScriptCore (fixed in 2.50.5)
- CVE-2025-43214: out-of-bounds read in WebCore (fixed in 2.50.5)
- CVE-2025-43457: integer overflow in WebKit canvas rendering (fixed in 2.50.6)
- CVE-2025-43511: memory corruption in WebRTC (fixed in 2.50.5)
- CVE-2026-20608: use-after-free in WebKit DOM (fixed in 2.50.6)
- CVE-2026-20635: out-of-bounds access in JavaScriptCore (fixed in 2.50.6)
- CVE-2026-20636: type confusion in WebAssembly (fixed in 2.50.6)
- CVE-2026-20644: cross-origin issue in WebKit Storage (fixed in 2.50.6)
- CVE-2026-20652: memory corruption in MediaStream (fixed in 2.50.6)
- Disable %{gpgverify} step: upstream's signing key is DSA-1024 which EL9 crypto-policies reject; keyring retained for manual verification
- References
Affected packages
TuxCare:AlmaLinux:9.6 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/tuxcare/webkit2gtk3?distro=almalinux-9.6
TuxCare:AlmaLinux:9.6 / webkit2gtk3-devel
Package
- Name
- webkit2gtk3-devel
- Purl
- pkg:rpm/tuxcare/webkit2gtk3-devel?distro=almalinux-9.6
TuxCare:AlmaLinux:9.6 / webkit2gtk3-jsc
Package
- Name
- webkit2gtk3-jsc
- Purl
- pkg:rpm/tuxcare/webkit2gtk3-jsc?distro=almalinux-9.6