
Fedora 40: 2025-256a86d7c8 critical: webkitgtk DoS and XSS risk

fedora
April 19, 2025
Fedora 40 Security Notice: webkitgtk patch issued for various vulnerabilities, featuring DoS and XSS threats. Immediate update advised.

Summary

WebKitGTK is the port of the WebKit web rendering engine to the GTK platform.

Update Information:

Limit the data stored in session state. Remove the empty area below the title bar in Web Inspector when not docked. Fix various crashes and rendering issues.

Change Log

* Wed Apr 2 2025 Michael Catanzaro - 2.48.1-2
- Add patch to fix non-x86, non-ARM build
* Wed Apr 2 2025 Michael Catanzaro - 2.48.1-1
- Update to WebKitGTK 2.48.1

References


[ 1 ] Bug #2357987 - CVE-2024-54551 webkitgtk: Processing web content may lead to a denial-of-service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357987
[ 2 ] Bug #2357990 - CVE-2025-24208 webkitgtk: Loading a malicious iframe may lead to a cross-site scripting attack [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357990
[ 3 ] Bug #2357993 - CVE-2025-24209 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357993
[ 4 ] Bug #2357998 - CVE-2025-24216 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357998
[ 5 ] Bug #2358000 - CVE-2025-24264 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2358000
[ 6 ...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-256a86d7c8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
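
To confirm which hosts still lack the fixed build named in this advisory (webkitgtk 2.48.1-2.fc40), the following check is an added example and not part of the original advisory. It assumes an inventory collected with `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{SOURCERPM}\n'`, no epoch on the package, and a simplified version comparison without rpm's `~` and `^` rules; the function names and sample lines are constructed.

```python
import re

# Fixed build taken from this advisory: Version 2.48.1, Release 2.fc40.
FIXED_VERSION, FIXED_RELEASE = "2.48.1", "2.fc40"
SOURCE_NAME = "webkitgtk"  # source package name given in the advisory


def _segments(s):
    # rpm compares runs of digits and runs of letters; anything else only separates.
    return re.findall(r"\d+|[A-Za-z]+", s)


def vercmp(a, b):
    """Simplified rpmvercmp (assumption: no '~' or '^'). Returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than alpha
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments are newer


def outdated(inventory):
    """Return (name, version-release) for binaries built from webkitgtk
    that are older than the fixed build."""
    hits = []
    for line in inventory.strip().splitlines():
        name, version, release, srpm = line.split()
        # SOURCERPM looks like webkitgtk-2.48.1-2.fc40.src.rpm
        if srpm.rsplit("-", 2)[0] != SOURCE_NAME:
            continue
        if (vercmp(version, FIXED_VERSION) or vercmp(release, FIXED_RELEASE)) < 0:
            hits.append((name, f"{version}-{release}"))
    return hits


# Constructed sample inventory lines (not taken from a real host).
SAMPLE = """\
webkitgtk6.0 2.46.6 1.fc40 webkitgtk-2.46.6-1.fc40.src.rpm
javascriptcoregtk6.0 2.48.1 1.fc40 webkitgtk-2.48.1-1.fc40.src.rpm
webkit2gtk4.1 2.48.1 2.fc40 webkitgtk-2.48.1-2.fc40.src.rpm
gtk4 4.14.5 1.fc40 gtk4-4.14.5-1.fc40.src.rpm
"""

if __name__ == "__main__":
    for name, evr in outdated(SAMPLE):
        print(f"needs FEDORA-2025-256a86d7c8: {name} {evr}")
```

Filtering on the source RPM rather than the binary package name catches every subpackage built from webkitgtk, whatever it is called on the host.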

Severity: critical

Name: webkitgtk
Product: Fedora 40
Version: 2.48.1
Release: 2.fc40
Summary: GTK web content engine library
