RLSA-2025:20922
- Source
- https://errata.rockylinux.org/RLSA-2025:20922
- Import Source
- https://storage.googleapis.com/resf-osv-data/RLSA-2025:20922.json
- JSON Data
- https://api.osv.dev/v1/vulns/RLSA-2025:20922
- Upstream
- Published
- 2025-11-21T18:13:51.682496Z
- Modified
- 2025-11-21T18:49:03.178384Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Important: webkit2gtk3 security update
- Details
-
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43272)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43342)
webkitgtk: A website may be able to access sensor information without user consent (CVE-2025-43356)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43368)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43343)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://errata.rockylinux.org/RLSA-2025:20922
- https://bugzilla.redhat.com/show_bug.cgi?id=2397626
- https://bugzilla.redhat.com/show_bug.cgi?id=2397627
- https://bugzilla.redhat.com/show_bug.cgi?id=2397628
- https://bugzilla.redhat.com/show_bug.cgi?id=2397630
- https://bugzilla.redhat.com/show_bug.cgi?id=2403598
- Credits
-
-
- Rocky Enterprise Software Foundation
-
- Red Hat
-
Affected packages
Rocky Linux:9 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/rocky-linux/webkit2gtk3?distro=rocky-linux-9&epoch=0