RLSA-2026:9692
- Source
- https://errata.rockylinux.org/RLSA-2026:9692
- Import Source
- https://storage.googleapis.com/resf-osv-data/RLSA-2026:9692.json
- JSON Data
- https://api.osv.dev/v1/vulns/RLSA-2026:9692
- Upstream
- Published
- 2026-04-24T12:03:31.152911Z
- Modified
- 2026-04-24T12:30:06.552913Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Important: webkit2gtk3 security update
- Details
-
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)
webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)
webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)
webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)
webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)
webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)
webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)
webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)
webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://errata.rockylinux.org/RLSA-2026:9692
- https://bugzilla.redhat.com/show_bug.cgi?id=2448781
- https://bugzilla.redhat.com/show_bug.cgi?id=2448782
- https://bugzilla.redhat.com/show_bug.cgi?id=2448786
- https://bugzilla.redhat.com/show_bug.cgi?id=2448787
- https://bugzilla.redhat.com/show_bug.cgi?id=2448788
- https://bugzilla.redhat.com/show_bug.cgi?id=2448789
- https://bugzilla.redhat.com/show_bug.cgi?id=2448790
- https://bugzilla.redhat.com/show_bug.cgi?id=2448791
- https://bugzilla.redhat.com/show_bug.cgi?id=2448792
- https://bugzilla.redhat.com/show_bug.cgi?id=2448793
- https://bugzilla.redhat.com/show_bug.cgi?id=2448794
- https://bugzilla.redhat.com/show_bug.cgi?id=2453000
- https://bugzilla.redhat.com/show_bug.cgi?id=2453001
- https://bugzilla.redhat.com/show_bug.cgi?id=2453002
- https://bugzilla.redhat.com/show_bug.cgi?id=2453003
- https://bugzilla.redhat.com/show_bug.cgi?id=2453004
- https://bugzilla.redhat.com/show_bug.cgi?id=2453006
- https://bugzilla.redhat.com/show_bug.cgi?id=2453008
- Credits
-
-
- Rocky Enterprise Software Foundation
-
- Red Hat
-
Affected packages
Rocky Linux:9 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/rocky-linux/webkit2gtk3?distro=rocky-linux-9&epoch=0