{"id":"CLSA-2025-1756751564","summary":"webkit2gtk3: Fix of 18 CVEs","details":"- Update to 2.48.5. The following CVEs were fixed:\n- CVE-2025-6558: fix processing maliciously crafted web content which may\n  lead to an unexpected Safari crash\n- CVE-2025-31273: fix processing maliciously crafted web content which may\n  lead to memory corruption\n- CVE-2025-31278: fix processing maliciously crafted web content which may\n  lead to memory corruption\n- CVE-2025-43212: fix processing maliciously crafted web content which may\n  lead to an unexpected Safari crash\n- CVE-2025-43216: fix processing maliciously crafted web content which may\n  lead to an unexpected Safari crash\n- CVE-2025-43228: fix issue with visiting a malicious website which may lead\n  to address bar spoofing\n- CVE-2025-24189: fix processing maliciously crafted web content which may\n  lead to memory corruption\n- CVE-2025-31205: fix issue with a malicious website which may exfiltrate\n  data cross-origin\n- CVE-2025-24208: fix loading a malicious iframe which may lead to a cross-site\n  scripting attack\n- CVE-2024-54551: fix processing web content which may lead to a denial-of-service\n- CVE-2024-44192: fix processing maliciously crafted web content which may\n  lead to an unexpected process crash\n- CVE-2024-54467: fix issue with a malicious website which may exfiltrate\n  data cross-origin\n- CVE-2025-24162: fix processing maliciously crafted web content which may\n  lead to an unexpected process crash\n- CVE-2024-54502: fix processing maliciously crafted web content which may\n  lead to an unexpected process crash\n- CVE-2024-44244: fix processing maliciously crafted web content which may\n  lead to an unexpected process crash\n- CVE-2024-44185: fix processing maliciously crafted web content which may\n  lead to an unexpected process crash\n- CVE-2024-44187: fix issue wit a malicious website may exfiltrate data\n  cross-origin\n- CVE-2024-40866: fix issue with visiting a malicious website which may lead\n  to address bar spoofing","modified":"2026-05-27T11:35:19.820757605Z","published":"2025-09-15T07:50:41Z","upstream":["CVE-2024-40866","CVE-2024-44185","CVE-2024-44187","CVE-2024-44192","CVE-2024-44244","CVE-2024-54467","CVE-2024-54502","CVE-2024-54551","CVE-2025-24162","CVE-2025-24189","CVE-2025-24208","CVE-2025-31205","CVE-2025-31273","CVE-2025-31278","CVE-2025-43212","CVE-2025-43216","CVE-2025-43228","CVE-2025-6558"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/almalinux9.2esu/CLSA-2025-1756751564.html"}],"affected":[{"package":{"name":"webkit2gtk3","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/webkit2gtk3?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.48.5-1.el9.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1756751564.json"}},{"package":{"name":"webkit2gtk3-devel","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/webkit2gtk3-devel?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.48.5-1.el9.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1756751564.json"}},{"package":{"name":"webkit2gtk3-jsc","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/webkit2gtk3-jsc?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.48.5-1.el9.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1756751564.json"}},{"package":{"name":"webkit2gtk3-jsc-devel","ecosystem":"TuxCare:AlmaLinux:9.2","purl":"pkg:rpm/tuxcare/webkit2gtk3-jsc-devel?distro=almalinux-9.2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.48.5-1.el9.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2025-1756751564.json"}}],"schema_version":"1.7.5"}