{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "Update to 2.50.4 to fix the following vulnerabilities:\n- CVE-2025-14174: fix memory corruption via improved validation of web content\n- CVE-2025-43501: fix buffer overflow with improved memory handling to\n prevent process crashes\n- CVE-2025-43529: fix use-after-free in memory management to prevent\n arbitrary code execution\n- CVE-2025-43531: fix race condition via improved state handling to\n prevent process crashes\n- CVE-2025-43535: fix unexpected process crash through improved memory handling\n- CVE-2025-43536: fix use-after-free with improved memory management for\n web content processing\n- CVE-2025-43541: fix type confusion via improved state handling to\n prevent unexpected crashes", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/tuxcare9.6esu/advisories/2025/clsa-2025_1767094035.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1767094035", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1767094035" } ], "tracking": { "current_release_date": "2025-12-30T11:28:31Z", "generator": { "date": "2025-12-30T11:28:31Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1767094035", "initial_release_date": "2025-12-30T11:28:31Z", "revision_history": [ { "date": "2025-12-30T11:28:31Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "webkit2gtk3: Fix of 7 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.6", "product": { "name": "AlmaLinux 9.6", "product_id": "AlmaLinux-9.6", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.6:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Rocky Linux 9.6", "product": { "name": "Rocky Linux 9.6", "product_id": "Rocky Linux-9.6", "product_identification_helper": { "cpe": "cpe:2.3:o:resf:rocky_linux:9.6:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Rocky Linux" } ], "category": "vendor", "name": "Rocky Linux" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "product": { "name": "webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "product_id": "webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3@2.50.4-1.el9_6.tuxcare.els1?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "product": { "name": "webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "product_id": "webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3-jsc@2.50.4-1.el9_6.tuxcare.els1?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "product": { "name": "webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "product_id": "webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3-devel@2.50.4-1.el9_6.tuxcare.els1?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "product": { "name": "webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "product_id": "webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3-jsc-devel@2.50.4-1.el9_6.tuxcare.els1?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "product": { "name": "webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "product_id": "webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3@2.50.4-1.el9_6.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "product": { "name": "webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "product_id": "webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3-jsc@2.50.4-1.el9_6.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "product": { "name": "webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "product_id": "webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3-devel@2.50.4-1.el9_6.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "product": { "name": "webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "product_id": "webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3-jsc-devel@2.50.4-1.el9_6.tuxcare.els1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686" }, "product_reference": "webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686" }, "product_reference": "webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686" }, "product_reference": "webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686" }, "product_reference": "webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686" }, "product_reference": "webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686" }, "product_reference": "webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686" }, "product_reference": "webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686" }, "product_reference": "webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-43535", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-43535" } ], "release_date": "2025-12-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-12-30T11:27:17.255864Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1767094035", "product_ids": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1767094035" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-43541", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type ('Type Confusion')" }, "notes": [ { "category": "description", "text": "A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-43541" } ], "release_date": "2025-12-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-12-30T11:27:17.255864Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1767094035", "product_ids": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1767094035" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-43501", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" }, "notes": [ { "category": "description", "text": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-43501" } ], "release_date": "2025-12-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-12-30T11:27:17.255864Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1767094035", "product_ids": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1767094035" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-43529", "cwe": { "id": "CWE-825", "name": "Expired Pointer Dereference" }, "notes": [ { "category": "description", "text": "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-43529" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-12-30T11:27:17.255864Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1767094035", "product_ids": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1767094035" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-43536", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing maliciously crafted web content may lead to an unexpected process crash.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-43536" } ], "release_date": "2025-12-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-12-30T11:27:17.255864Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1767094035", "product_ids": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1767094035" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-43531", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "description", "text": "A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-43531" } ], "release_date": "2025-12-17T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-12-30T11:27:17.255864Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1767094035", "product_ids": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1767094035" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-14174", "cwe": { "id": "CWE-823", "name": "Use of Out-of-range Pointer Offset" }, "notes": [ { "category": "description", "text": "Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-14174" } ], "release_date": "2025-12-12T19:20:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-12-30T11:27:17.255864Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1767094035", "product_ids": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1767094035" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "AlmaLinux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-0:2.50.4-1.el9_6.tuxcare.els1.x86_64", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.i686", "Rocky Linux-9.6:webkit2gtk3-jsc-devel-0:2.50.4-1.el9_6.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }