
[SECURITY] [DSA 6042-1] webkit2gtk security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6042-1                   security@debian.org
https://www.debian.org/security/                           Alberto Garcia
October 28, 2025                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : webkit2gtk
CVE ID         : CVE-2025-43272 CVE-2025-43342 CVE-2025-43343 CVE-2025-43356
                 CVE-2025-43368

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2025-43272

    Big Bear discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

CVE-2025-43342

    An anonymous researcher discovered that processing maliciously
    crafted web content may lead to an unexpected process crash.

CVE-2025-43343

    An anonymous researcher discovered that processing maliciously
    crafted web content may lead to an unexpected process crash.

CVE-2025-43356

    Jaydev Ahire discovered that a website may be able to access
    sensor information without user consent.

CVE-2025-43368

    Pawel Wylecial discovered that processing maliciously crafted web
    content may lead to an unexpected process crash.

This WebKitGTK update causes a compatibility problem with older
versions of Evolution when handling e-mail attachments. For this
reason, fixed versions of Evolution have also been released along with
this WebKitGTK update.

For the oldstable distribution (bookworm), these problems have been fixed
in version 2.50.1-1~deb12u1.

For the stable distribution (trixie), these problems have been fixed in
version 2.50.1-1~deb13u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----