Issued:: 2025-10-28
Updated:: 2025-10-28

RHSA-2025:19157 - Security Advisory

Overview
Updated Packages

Synopsis

Important: webkit2gtk3 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43272)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43342)
webkitgtk: A website may be able to access sensor information without user consent (CVE-2025-43356)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43368)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2397626 - CVE-2025-43272 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
BZ - 2397627 - CVE-2025-43342 webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
BZ - 2397628 - CVE-2025-43356 webkitgtk: A website may be able to access sensor information without user consent
BZ - 2397630 - CVE-2025-43368 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
webkit2gtk3-2.50.0-1.el8_2.src.rpm	SHA-256: 6e832ed454a539a98756f093163b68f8257019a81ae2c49e9ffa98870c7bbc93
x86_64
webkit2gtk3-2.50.0-1.el8_2.i686.rpm	SHA-256: 2ef46d684cc25dc12ac9db745de6041eed69d3cd04296543607bdd803fa79798
webkit2gtk3-2.50.0-1.el8_2.x86_64.rpm	SHA-256: 1436fce5304e40923273adbb0494ebcd8575b3ba9d73843854b5d36ae759f298
webkit2gtk3-debuginfo-2.50.0-1.el8_2.i686.rpm	SHA-256: df9824c1bb7e5613042c053a6a7bd52d7ecd4d6cb37a4630f1f1bf2210191325
webkit2gtk3-debuginfo-2.50.0-1.el8_2.x86_64.rpm	SHA-256: 37ca379a1c1fb7e56624b13ed3827cff5128b570ddf8d462d01958384e562767
webkit2gtk3-debugsource-2.50.0-1.el8_2.i686.rpm	SHA-256: 4877bb2255dcdaa13caf7343538510113c9e3221c12fb20ddfcddee4c75a87e1
webkit2gtk3-debugsource-2.50.0-1.el8_2.x86_64.rpm	SHA-256: d8b21fed5c24457224fa1915b3e542bb10879dbf37ad71bc7249a8c24395df28
webkit2gtk3-devel-2.50.0-1.el8_2.i686.rpm	SHA-256: ce4e04cf6792425b30dbdfd15df744afa61e8fc9c5d513faeeb89a5e667dce57
webkit2gtk3-devel-2.50.0-1.el8_2.x86_64.rpm	SHA-256: 3e9817e09c5b6f4aa1ef9e19673dd82fa9b8273bff81a8be4935f33ddfaa3df9
webkit2gtk3-devel-debuginfo-2.50.0-1.el8_2.i686.rpm	SHA-256: fbf6ede45149715063f5cc8dddec8862e169a9583d4d30c8c8f6b946fe906ee9
webkit2gtk3-devel-debuginfo-2.50.0-1.el8_2.x86_64.rpm	SHA-256: f0601bc992456290d8eacf7ade853a98e99ee6af9e8bfb3acdcb60857c8d6c33
webkit2gtk3-jsc-2.50.0-1.el8_2.i686.rpm	SHA-256: 77f4a5f78e51ec1931c2256ded955b52802335d5aeecc74d44b9333853b82639
webkit2gtk3-jsc-2.50.0-1.el8_2.x86_64.rpm	SHA-256: 33421c69b6de9e466d820e859d2d70d89cbe0de582b0985ae4a22db93b702ed8
webkit2gtk3-jsc-debuginfo-2.50.0-1.el8_2.i686.rpm	SHA-256: 617c9be6c06bcc1838a45a5ad9a697d64633da484d8339ab8dd2c56134dadbd8
webkit2gtk3-jsc-debuginfo-2.50.0-1.el8_2.x86_64.rpm	SHA-256: 5f6b593039a9eca875459d7d17bdca868b7e3028f27ed891027fce948694afd5
webkit2gtk3-jsc-devel-2.50.0-1.el8_2.i686.rpm	SHA-256: fade6a1419c6a694bb09c42c877889762de67155dcded4f0f6043b52cbda3fe3
webkit2gtk3-jsc-devel-2.50.0-1.el8_2.x86_64.rpm	SHA-256: 9d1c8efe703626acc034944c888b155ec068dd8b8fadfdcbf6e94312d27d3c42
webkit2gtk3-jsc-devel-debuginfo-2.50.0-1.el8_2.i686.rpm	SHA-256: 5b1689dac893843ec62aca754dba9bbb167b60690e6cc23e50a239cb98505136
webkit2gtk3-jsc-devel-debuginfo-2.50.0-1.el8_2.x86_64.rpm	SHA-256: 2e8966c91b1ee29ec96b9de57087b8dae704b614130c6f63e238933635305408

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation