Fedora 42: webkitgtk 2025-40aeebe6d2 critical: memory corruption issues

fedora

May 17, 2025

Enable CSS Overscroll Behavior by default

Summary

WebKitGTK is the port of the WebKit web rendering engine to the

GTK platform.

Update Information:

Enable CSS Overscroll Behavior by default. Change threaded rendering implementation to use Skia API instead of WebCore display list that is not thread safe. Fix rendering when device scale factor change comes before the web view geometry update. Fix network process crash on exit. Fix several crashes and rendering issues. Fix CVE-2025-24223, CVE-2025-31204, CVE-2025-31205, CVE-2025-31206, CVE-2025-31215, CVE-2025-31257

Topics Covered

security advisory Fedora memory corruption webkitgtk network crash thread safety

Change Log

* Wed May 14 2025 Michael Catanzaro - 2.48.2-1 - Update to 2.48.2

References

[ 1 ] Bug #2366612 - CVE-2025-24223 webkitgtk: Processing maliciously crafted web content may lead to memory corruption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2366612 [ 2 ] Bug #2366614 - CVE-2025-31204 webkitgtk: Processing maliciously crafted web content may lead to memory corruption [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2366614 [ 3 ] Bug #2366616 - CVE-2025-31205 webkitgtk: A malicious website may exfiltrate data cross-origin [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2366616 [ 4 ] Bug #2366618 - CVE-2025-31206 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2366618 [ 5 ] Bug #2366620 - CVE-2025-31215 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2366620 [ 6 ] Bug #...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-40aeebe6d2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity

critical

Lowest

Low

Medium

High

Critical

Name: webkitgtk

Product: Fedora 42

Version: 2.48.2

Release: 1.fc42

URL: https://www.webkitgtk.org/

Summary: GTK web content engine library

Topics Covered

security advisory Fedora memory corruption webkitgtk network crash thread safety

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 42: webkitgtk 2025-40aeebe6d2 critical: memory corruption issues

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 42: webkitgtk 2025-40aeebe6d2 critical: memory corruption issues

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!