Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 137 articles for you...
89

Fedora 44 webkitgtk Important Security Fix 2026-3bc4b3ccb3

Fire scrollend event for instant programmatic scrolls. Increase network idle connection timeout to 115 seconds. Fix several crashes and rendering issues. Fix CVE-2024-4367, CVE-2026-39872, CVE-2026-43663, CVE-2026-43676, CVE-2026-43699, CVE-2026-43701, CVE-2026-43705, CVE-2026-43707, CVE-2026-43712,. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-3bc4b3ccb3 2026-07-12 01:10:38.798641+00:00 -------------------------------------------------------------------------------- Name : webkitgtk Product : Fedora 44 Version : 2.52.5 Release : 1.fc44 URL : https://www.webkitgtk.org/ Summary : GTK web content engine library Description : WebKitGTK is the port of the WebKit web rendering engine to the GTK platform. -------------------------------------------------------------------------------- Update Information: Fire scrollend event for instant programmatic scrolls. Increase network idle connection timeout to 115 seconds. Fix several crashes and rendering issues. Fix CVE-2024-4367, CVE-2026-39872, CVE-2026-43663, CVE-2026-43676, CVE-2026-43699, CVE-2026-43701, CVE-2026-43705, CVE-2026-43707, CVE-2026-43712, CVE-2026-43713, CVE-2026-43715, CVE-2026-43716, CVE-2026-43720, CVE-2026-43721, CVE-2026-43725, CVE-2026-43726, CVE-2026-43727, CVE-2026-43731, CVE-2026-43732, CVE-2026-43734, CVE-2026-43740, CVE-2026-43742, CVE-2026-43745 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 9 2026 Michael Catanzaro - 2.52.5-1 - Update to 2.52.5 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3bc4b3ccb3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the FedoraProject GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . This update for Fedora 44 addresses security flaws in webkitgtk, ensuring better performance and stability. Immediate action recommended.. Fedora security advisory, webkitgtk update, CVE security patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 11, 2026 Important Fedora
89

Fedora 43 WebKitGTK Important Performance and Content Fixes 2026-1557aaef26

Add support for half-width fonts. Improve content filter compilation by avoiding file copies. Improve handling of out of disk space conditions when the NetworkProcess tried to write data in caches. Fix painting scrollbars when their width changes.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-1557aaef26 2026-06-20 01:06:42.654447+00:00 -------------------------------------------------------------------------------- Name : webkitgtk Product : Fedora 43 Version : 2.52.4 Release : 1.fc43 URL : https://www.webkitgtk.org/ Summary : GTK web content engine library Description : WebKitGTK is the port of the WebKit web rendering engine to the GTK platform. -------------------------------------------------------------------------------- Update Information: Add support for half-width fonts. Improve content filter compilation by avoiding file copies. Improve handling of out of disk space conditions when the NetworkProcess tried to write data in caches. Fix painting scrollbars when their width changes. Fix playback of certain YouTube videos with low frame rates. Fix webkit://gpu not working in systems where neither libGL.so.1 nor libOpenGL.so.0 are available. Fix several crashes and rendering issues. Security fixes: CVE-2026-28847, CVE-2026-28883, CVE-2026-28901, CVE-2026-28902, CVE-2026-28903, CVE-2026-28904, CVE-2026-28905, CVE-2026-28907, CVE-2026-28942, CVE-2026-28946, CVE-2026-28947, CVE-2026-28953, CVE-2026-28955, CVE-2026-28958, CVE-2026-43658, CVE-2026-43660 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 3 2026 Michael Catanzaro - 2.52.4-1 - Update to 2.52.4 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-1557aaef26' at the command line. For more information, refer to thednf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Security updates for Fedora 43 addressing content handling and web performance in webkitgtk. Critical fixes included.. Fedora webkitgtk security updates, Fedora 43 performance fixes, web content engine. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 19, 2026 Important Fedora
89

Fedora 44 webkitgtk Critical Security Fix Advisory 2026-a63aad0224

Add support for half-width fonts. Improve content filter compilation by avoiding file copies. Improve handling of out of disk space conditions when the NetworkProcess tried to write data in caches. Fix painting scrollbars when their width changes.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-a63aad0224 2026-06-06 01:02:02.289325+00:00 -------------------------------------------------------------------------------- Name : webkitgtk Product : Fedora 44 Version : 2.52.4 Release : 1.fc44 URL : https://www.webkitgtk.org/ Summary : GTK web content engine library Description : WebKitGTK is the port of the WebKit web rendering engine to the GTK platform. -------------------------------------------------------------------------------- Update Information: Add support for half-width fonts. Improve content filter compilation by avoiding file copies. Improve handling of out of disk space conditions when the NetworkProcess tried to write data in caches. Fix painting scrollbars when their width changes. Fix playback of certain YouTube videos with low frame rates. Fix webkit://gpu not working in systems where neither libGL.so.1 nor libOpenGL.so.0 are available. Fix several crashes and rendering issues. Security fixes: CVE-2026-28847, CVE-2026-28883, CVE-2026-28901, CVE-2026-28902, CVE-2026-28903, CVE-2026-28904, CVE-2026-28905, CVE-2026-28907, CVE-2026-28942, CVE-2026-28946, CVE-2026-28947, CVE-2026-28953, CVE-2026-28955, CVE-2026-28958, CVE-2026-43658, CVE-2026-43660 -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 2 2026 Michael Catanzaro - 2.52.4-1 - Update to 2.52.4 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a63aad0224' at the command line. For more information, refer to thednf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Upgrade webkitgtk in Fedora 44 to fix critical issues including buffer overflows and rendering problems.. Fedora security advisory, webkitgtk updates, critical vulnerabilities. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 06, 2026 Critical Fedora
89

Fedora 44 webkitgtk Critical Security Fixes 2026-a63aad0224

Add support for half-width fonts. Improve content filter compilation by avoiding file copies. Improve handling of out of disk space conditions when the NetworkProcess tried to write data in caches. Fix painting scrollbars when their width changes.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-a63aad0224 2026-06-06 01:02:02.289325+00:00 -------------------------------------------------------------------------------- Name : webkitgtk Product : Fedora 44 Version : 2.52.4 Release : 1.fc44 URL : https://www.webkitgtk.org/ Summary : GTK web content engine library Description : WebKitGTK is the port of the WebKit web rendering engine to the GTK platform. -------------------------------------------------------------------------------- Update Information: Add support for half-width fonts. Improve content filter compilation by avoiding file copies. Improve handling of out of disk space conditions when the NetworkProcess tried to write data in caches. Fix painting scrollbars when their width changes. Fix playback of certain YouTube videos with low frame rates. Fix webkit://gpu not working in systems where neither libGL.so.1 nor libOpenGL.so.0 are available. Fix several crashes and rendering issues. Security fixes: CVE-2026-28847, CVE-2026-28883, CVE-2026-28901, CVE-2026-28902, CVE-2026-28903, CVE-2026-28904, CVE-2026-28905, CVE-2026-28907, CVE-2026-28942, CVE-2026-28946, CVE-2026-28947, CVE-2026-28953, CVE-2026-28955, CVE-2026-28958, CVE-2026-43658, CVE-2026-43660 -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 2 2026 Michael Catanzaro - 2.52.4-1 - Update to 2.52.4 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a63aad0224' at the command line. For more information, refer to thednf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Security patches and improvements in webkitgtk for Fedora 44 enhance system performance and address critical issues.. web content engine, security fix, Fedora updates, webkitgtk, system performance. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 05, 2026 Critical Fedora
172

Ubuntu 26.04 WebKitGTK Important Remote Code Exec DoS USN-8237-1

Several security issues were fixed in WebKitGTK.. ========================================================================== Ubuntu Security Notice USN-8237-1 May 06, 2026 webkit2gtk vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS Summary: Several security issues were fixed in WebKitGTK. Software Description: - webkit2gtk: Web content engine library for GTK+ Details: Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libjavascriptcoregtk-4.1-0 2.52.3-0ubuntu0.26.04.2 libjavascriptcoregtk-6.0-1 2.52.3-0ubuntu0.26.04.2 libwebkit2gtk-4.1-0 2.52.3-0ubuntu0.26.04.2 libwebkitgtk-6.0-4 2.52.3-0ubuntu0.26.04.2 Ubuntu 25.10 libjavascriptcoregtk-4.1-0 2.52.3-0ubuntu0.25.10.1 libjavascriptcoregtk-6.0-1 2.52.3-0ubuntu0.25.10.1 libwebkit2gtk-4.1-0 2.52.3-0ubuntu0.25.10.1 libwebkitgtk-6.0-4 2.52.3-0ubuntu0.25.10.1 Ubuntu 24.04 LTS libjavascriptcoregtk-4.1-0 2.52.3-0ubuntu0.24.04.1 libjavascriptcoregtk-6.0-1 2.52.3-0ubuntu0.24.04.1 libwebkit2gtk-4.1-0 2.52.3-0ubuntu0.24.04.1 libwebkitgtk-6.0-4 2.52.3-0ubuntu0.24.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8237-1 CVE-2025-43213, CVE-2025-43214,CVE-2025-43457, CVE-2025-43511, CVE-2025-46299, CVE-2026-20608, CVE-2026-20635, CVE-2026-20636, CVE-2026-20643, CVE-2026-20644, CVE-2026-20652, CVE-2026-20664, CVE-2026-20665, CVE-2026-20676, CVE-2026-20691, CVE-2026-28857, CVE-2026-28859, CVE-2026-28861, CVE-2026-28871 Package Information: https://launchpad.net/ubuntu/+source/webkit2gtk/2.52.3-0ubuntu0.26.04.2 https://launchpad.net/ubuntu/+source/webkit2gtk/2.52.3-0ubuntu0.25.10.1 https://launchpad.net/ubuntu/+source/webkit2gtk/2.52.3-0ubuntu0.24.04.1 . Fix multiple security issues in WebKitGTK impacting Ubuntu. Key updates and fix guidance available now.. WebKitGTK security Ubuntu updates exploits. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 06, 2026 Important Ubuntu
89

Fedora 42 webkitgtk 2.52.1 Important Issues Process Crash 2026-36594550b0

Update to 2.52.1. Notable changes from 2.50 to 2.52: Make text look like in other browsers by blending in linear color space. Improved rendering performance by using a different tile size depending on whether GPU rendering is enabled or not.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-36594550b0 2026-04-14 01:07:38.489371+00:00 -------------------------------------------------------------------------------- Name : webkitgtk Product : Fedora 42 Version : 2.52.1 Release : 1.fc42 URL : https://www.webkitgtk.org/ Summary : GTK web content engine library Description : WebKitGTK is the port of the WebKit web rendering engine to the GTK platform. -------------------------------------------------------------------------------- Update Information: Update to 2.52.1. Notable changes from 2.50 to 2.52: Make text look like in other browsers by blending in linear color space. Improved rendering performance by using a different tile size depending on whether GPU rendering is enabled or not. Improved composition scheduling to avoid blocking waiting for tile painting. Improved performance of accelerated 2D canvas by recording operations for batched replay. Improved async scrolling when main thread is busy by avoiding locks and rendering the scrollbars from the scrolling thread. Enabled dynamic MSAA for accelerated 2D canvas rendering. Improved text rendering performance Videos with BT2100-PQ colorspace are now tone-mapped to SDR, ensuring colours do not appear washed out. Added support for the Audio Output Devices API. Added API to handle WebXR permission requests. Added API to query the immersive session status. Added initial API for web extensions. Additional changes from 2.52.0 to 2.52.1: Reduce the amount of useless MPRIS notifications produced by MediaSesion when the information about media being played is incomplete. Add Sysprof marks for mouse events. Fix MediaSessionicon for iheart.com not being displayed. Fix several crashes and rendering issues. Translation updates: Georgian. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 28 2026 Michael Catanzaro - 2.52.1-1 - Update to 2.52.1 * Sat Mar 21 2026 Michael Catanzaro - 2.52.0-1 - Update to 2.52.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2449069 - CVE-2025-43213 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449069 [ 2 ] Bug #2449073 - CVE-2025-43214 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449073 [ 3 ] Bug #2449086 - CVE-2025-43457 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449086 [ 4 ] Bug #2449089 - CVE-2025-43511 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449089 [ 5 ] Bug #2449092 - CVE-2025-46299 webkitgtk: Processing maliciously crafted web content may disclose internal states of the app [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449092 [ 6 ] Bug #2449095 - CVE-2026-20608 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449095 [ 7 ] Bug #2449098 - CVE-2026-20635 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449098 [ 8 ] Bug #2449102 - CVE-2026-20636 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449102 [ 9 ] Bug #2449105 - CVE-2026-20644 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449105 [ 10 ] Bug #2449108 - CVE-2026-20652 webkitgtk: A remote attacker may be able to cause a denial-of-service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449108 [ 11 ] Bug #2449111 - CVE-2026-20676 webkitgtk: A website may be able to track users through Safari web extensions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449111 [ 12 ] Bug #2450634 - webkitgtk-2.50.5: WebKitWebProcess repeated SIGABRT crashes (heap corruption), upstream fixed in 2.50.6+ https://bugzilla.redhat.com/show_bug.cgi?id=2450634 [ 13 ] Bug #2453064 - CVE-2026-20643 webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453064 [ 14 ] Bug #2453067 - CVE-2026-20664 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453067 [ 15 ] Bug #2453070 - CVE-2026-20665 webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453070 [ 16 ] Bug #2453073 - CVE-2026-20691 webkitgtk: A maliciously crafted webpage may be able to fingerprint the user [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453073 [ 17 ] Bug #2453076 - CVE-2026-28857 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453076 [ 18 ] Bug #2453079 - CVE-2026-28859 webkitgtk: A malicious website may be able to process restricted web content outside the sandbox [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453079 [ 19 ] Bug #2453082 - CVE-2026-28871 webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453082 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-36594550b0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update to webkitgtk 2.52.1 addresses critical issues with processing crafted content to prevent process crashes.. process crash webkitgtk security Fedora update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 14, 2026 Important Fedora
89

Fedora 43 webkitgtk 2.52.1 Critical DoS Threat Advisory 2026-431948187d

Update to 2.52.1. Notable changes from 2.50 to 2.52: Make text look like in other browsers by blending in linear color space. Improved rendering performance by using a different tile size depending on whether GPU rendering is enabled or not.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-431948187d 2026-04-14 00:58:48.183190+00:00 -------------------------------------------------------------------------------- Name : webkitgtk Product : Fedora 43 Version : 2.52.1 Release : 1.fc43 URL : https://www.webkitgtk.org/ Summary : GTK web content engine library Description : WebKitGTK is the port of the WebKit web rendering engine to the GTK platform. -------------------------------------------------------------------------------- Update Information: Update to 2.52.1. Notable changes from 2.50 to 2.52: Make text look like in other browsers by blending in linear color space. Improved rendering performance by using a different tile size depending on whether GPU rendering is enabled or not. Improved composition scheduling to avoid blocking waiting for tile painting. Improved performance of accelerated 2D canvas by recording operations for batched replay. Improved async scrolling when main thread is busy by avoiding locks and rendering the scrollbars from the scrolling thread. Enabled dynamic MSAA for accelerated 2D canvas rendering. Improved text rendering performance Videos with BT2100-PQ colorspace are now tone-mapped to SDR, ensuring colours do not appear washed out. Added support for the Audio Output Devices API. Added API to handle WebXR permission requests. Added API to query the immersive session status. Added initial API for web extensions. Additional changes from 2.52.0 to 2.52.1: Reduce the amount of useless MPRIS notifications produced by MediaSesion when the information about media being played is incomplete. Add Sysprof marks for mouse events. Fix MediaSessionicon for iheart.com not being displayed. Fix several crashes and rendering issues. Translation updates: Georgian. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 28 2026 Michael Catanzaro - 2.52.1-1 - Update to 2.52.1 * Sat Mar 21 2026 Michael Catanzaro - 2.52.0-1 - Update to 2.52.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2449069 - CVE-2025-43213 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449069 [ 2 ] Bug #2449073 - CVE-2025-43214 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449073 [ 3 ] Bug #2449086 - CVE-2025-43457 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449086 [ 4 ] Bug #2449089 - CVE-2025-43511 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449089 [ 5 ] Bug #2449092 - CVE-2025-46299 webkitgtk: Processing maliciously crafted web content may disclose internal states of the app [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449092 [ 6 ] Bug #2449095 - CVE-2026-20608 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449095 [ 7 ] Bug #2449098 - CVE-2026-20635 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449098 [ 8 ] Bug #2449102 - CVE-2026-20636 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449102 [ 9 ] Bug #2449105 - CVE-2026-20644 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449105 [ 10 ] Bug #2449108 - CVE-2026-20652 webkitgtk: A remote attacker may be able to cause a denial-of-service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449108 [ 11 ] Bug #2449111 - CVE-2026-20676 webkitgtk: A website may be able to track users through Safari web extensions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449111 [ 12 ] Bug #2450634 - webkitgtk-2.50.5: WebKitWebProcess repeated SIGABRT crashes (heap corruption), upstream fixed in 2.50.6+ https://bugzilla.redhat.com/show_bug.cgi?id=2450634 [ 13 ] Bug #2453064 - CVE-2026-20643 webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453064 [ 14 ] Bug #2453067 - CVE-2026-20664 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453067 [ 15 ] Bug #2453070 - CVE-2026-20665 webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453070 [ 16 ] Bug #2453073 - CVE-2026-20691 webkitgtk: A maliciously crafted webpage may be able to fingerprint the user [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453073 [ 17 ] Bug #2453076 - CVE-2026-28857 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453076 [ 18 ] Bug #2453079 - CVE-2026-28859 webkitgtk: A malicious website may be able to process restricted web content outside the sandbox [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453079 [ 19 ] Bug #2453082 - CVE-2026-28871 webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453082 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-431948187d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical update for Fedora 43 webkitgtk enhances security and performance tackling multiple issues from previous versions.. Fedora security, webkitgtk update, Linux application, web rendering engine, security threats. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 14, 2026 Critical Fedora
89

Fedora 45 WebKitGTK 2.52.2 Major Denial of Service Risk - 2027-g00571b8e8

Update to 2.52.1: Reduce the amount of useless MPRIS notifications produced by MediaSesion when the information about media being played is incomplete. Add Sysprof marks for mouse events. Fix MediaSession icon for iheart.com not being displayed.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f00460a7d9 2026-03-31 00:16:35.926192+00:00 -------------------------------------------------------------------------------- Name : webkitgtk Product : Fedora 44 Version : 2.52.1 Release : 1.fc44 URL : https://www.webkitgtk.org/ Summary : GTK web content engine library Description : WebKitGTK is the port of the WebKit web rendering engine to the GTK platform. -------------------------------------------------------------------------------- Update Information: Update to 2.52.1: Reduce the amount of useless MPRIS notifications produced by MediaSesion when the information about media being played is incomplete. Add Sysprof marks for mouse events. Fix MediaSession icon for iheart.com not being displayed. Fix several crashes and rendering issues. Translation updates: Georgian. Update to 2.52.0: Make text look like in other browsers by blending in linear color space. Improved rendering performance by using a different tile size depending on whether GPU rendering is enabled or not. Improved composition scheduling to avoid blocking waiting for tile painting. Improved performance of accelerated 2D canvas by recording operations for batched replay. Improved async scrolling when main thread is busy by avoiding locks and rendering the scrollbars from the scrolling thread. Enabled dynamic MSAA for accelerated 2D canvas rendering. Improved text rendering performance Videos with BT2100-PQ colorspace are now tone-mapped to SDR, ensuring colours do not appear washed out. Added support for the Audio Output Devices API. Added API to handle WebXR permission requests. Added API to query theimmersive session status. Added initial API for web extensions. 2.51.93: Make text look like in other browsers by blending in linear color space. Avoid composition for non visible layers with running animations. Fix several crashes and rendering issues. 2.51.92: Fix PDF rendering broken by the accelerated 2D canvas performance improvements. Fix flickering while scrolling in some edge cases. Support for rotation and mirroring in internal WebCodecs encoder. System fallback font selection no longer takes style into account. Fix several crashes and rendering issues. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 28 2026 Michael Catanzaro - 2.52.1-1 - Update to 2.52.1 * Wed Mar 25 2026 Jan Grulich - 2.52.0-4 - Add configuration for release-monitoring * Tue Mar 24 2026 Michael Catanzaro - 2.52.0-3 - Remove Unicode-TOU from license list * Tue Mar 24 2026 Michael Catanzaro - 2.52.0-2 - Correct license of m4sugar.m4 * Sat Mar 21 2026 Michael Catanzaro - 2.52.0-1 - Update to 2.52.0 * Fri Mar 6 2026 Michael Catanzaro - 2.51.93-1 - Update to 2.51.93 * Sun Mar 1 2026 Michael Catanzaro - 2.51.92-1 - Update to 2.51.92 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2449069 - CVE-2025-43213 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449069 [ 2 ] Bug #2449073 - CVE-2025-43214 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449073 [ 3 ] Bug #2449086 - CVE-2025-43457 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449086 [ 4 ] Bug #2449089 - CVE-2025-43511 webkitgtk: Processing maliciously crafted web content may lead to anunexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449089 [ 5 ] Bug #2449092 - CVE-2025-46299 webkitgtk: Processing maliciously crafted web content may disclose internal states of the app [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449092 [ 6 ] Bug #2449095 - CVE-2026-20608 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449095 [ 7 ] Bug #2449098 - CVE-2026-20635 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449098 [ 8 ] Bug #2449102 - CVE-2026-20636 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449102 [ 9 ] Bug #2449105 - CVE-2026-20644 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449105 [ 10 ] Bug #2449108 - CVE-2026-20652 webkitgtk: A remote attacker may be able to cause a denial-of-service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449108 [ 11 ] Bug #2449111 - CVE-2026-20676 webkitgtk: A website may be able to track users through Safari web extensions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449111 [ 12 ] Bug #2450634 - webkitgtk-2.50.5: WebKitWebProcess repeated SIGABRT crashes (heap corruption), upstream fixed in 2.50.6+ https://bugzilla.redhat.com/show_bug.cgi?id=2450634 [ 13 ] Bug #2453064 - CVE-2026-20643 webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453064 [ 14 ] Bug #2453067 - CVE-2026-20664 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453067 [ 15 ] Bug #2453070 - CVE-2026-20665 webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453070 [ 16 ] Bug #2453073 - CVE-2026-20691 webkitgtk: A maliciously crafted webpage may be able to fingerprint the user [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453073 [ 17 ] Bug #2453076 - CVE-2026-28857 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453076 [ 18 ] Bug #2453079 - CVE-2026-28859 webkitgtk: A malicious website may be able to process restricted web content outside the sandbox [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453079 [ 19 ] Bug #2453082 - CVE-2026-28871 webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453082 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f00460a7d9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update webkitgtk 2.52.1 for Fedora 44 addresses several crucial issues and improves overall performance.. Fedora update, webkitgtk security, Denial of Service, Linux security update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 31, 2026 Important Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200