Fedora 41: FEDORA-2025-059585d039 moderate: Cross-Site Scripting Risk

fedora

April 8, 2025

Limit the data stored in session state

Summary

WebKitGTK is the port of the WebKit web rendering engine to the

GTK platform.

Update Information:

Limit the data stored in session state. Remove the empty area below the title bar in Web Inspector when not docked. Fix various crashes and rendering issues

Topics Covered

security advisory denial of service fedora cross-site scripting webkitgtk session state

Change Log

* Wed Apr 2 2025 Michael Catanzaro - 2.48.1-2 - Add patch to fix non-x86, non-ARM build * Wed Apr 2 2025 Michael Catanzaro - 2.48.1-1 - Update to WebKitGTK 2.48.1

References

[ 1 ] Bug #2357987 - CVE-2024-54551 webkitgtk: Processing web content may lead to a denial-of-service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2357987 [ 2 ] Bug #2357990 - CVE-2025-24208 webkitgtk: Loading a malicious iframe may lead to a cross-site scripting attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2357990 [ 3 ] Bug #2357993 - CVE-2025-24209 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2357993 [ 4 ] Bug #2357998 - CVE-2025-24216 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2357998 [ 5 ] Bug #2358000 - CVE-2025-24264 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2358000 [ 6 ...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-059585d039' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Name: webkitgtk

Product: Fedora 41

Version: 2.48.1

Release: 2.fc41

URL: https://www.webkitgtk.org/

Summary: GTK web content engine library

Topics Covered

security advisory denial of service fedora cross-site scripting webkitgtk session state

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 41: FEDORA-2025-059585d039 moderate: Cross-Site Scripting Risk

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 41: FEDORA-2025-059585d039 moderate: Cross-Site Scripting Risk

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!