stable

webkitgtk-2.48.5-1.fc41

FEDORA-2025-9b8165a4b3 created by catanzaro 4 months ago for Fedora 41

Update to 2.48.5. Changes since 2.48.3:

  • Improve emoji font selection.
  • Improve playback of multimedia streams from blob URLs.
  • Fix crash when using a WebKitWebView widget in an offscreen window.
  • Fix several crashes and rendering issues.
  • CVE-2025-31273, CVE-2025-31278, CVE-2025-43211, CVE-2025-43212, CVE-2025-43216, CVE-2025-43227, CVE-2025-43240, CVE-2025-43265, CVE-2025-6558

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2025-9b8165a4b3

This update has been submitted for testing by catanzaro.

4 months ago

This update's test gating status has been changed to 'waiting'.

4 months ago

This update's test gating status has been changed to 'waiting'.

4 months ago

This update's test gating status has been changed to 'passed'.

4 months ago

This update has been pushed to testing.

4 months ago
User Icon filiperosset commented & provided feedback 4 months ago
karma

no regressions noted

User Icon thebeanogamer commented & provided feedback 4 months ago
karma

Thanks for raising this before I got to it!

BZ#2386384 CVE-2025-43227 webkitgtk: Processing maliciously crafted web content may disclose sensitive user information [epel-all]
BZ#2386387 CVE-2025-43216 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [epel-all]
BZ#2386390 CVE-2025-43212 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [epel-all]
BZ#2386397 CVE-2025-43211 webkitgtk: Processing web content may lead to a denial-of-service [epel-all]
BZ#2386415 CVE-2025-43240 webkitgtk: A download’s origin may be incorrectly associated [epel-all]

This update can be pushed to stable now if the maintainer wishes

4 months ago

This update has been submitted for stable by bodhi.

4 months ago

This update has been pushed to stable.

4 months ago

Please log in to add feedback.

Metadata
Type
security
Severity
medium
Karma
2
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
4
Stable by Time
14 days
Dates
submitted
4 months ago
in testing
4 months ago
in stable
4 months ago
approved
4 months ago
Builds
1
webkitgtk-2.48.5-1.fc41
BZ#2386383 CVE-2025-43265 webkitgtk: Processing maliciously crafted web content may disclose internal states of the app [fedora-all]
0
0
BZ#2386384 CVE-2025-43227 webkitgtk: Processing maliciously crafted web content may disclose sensitive user information [epel-all]
0
1
BZ#2386387 CVE-2025-43216 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [epel-all]
0
1
BZ#2386390 CVE-2025-43212 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash [epel-all]
0
1
BZ#2386397 CVE-2025-43211 webkitgtk: Processing web content may lead to a denial-of-service [epel-all]
0
1
BZ#2386406 CVE-2025-31278 webkitgtk: Processing maliciously crafted web content may lead to memory corruption [fedora-all]
0
0
BZ#2386409 CVE-2025-31273 webkitgtk: Processing maliciously crafted web content may lead to memory corruption [fedora-all]
0
0
BZ#2386415 CVE-2025-43240 webkitgtk: A download’s origin may be incorrectly associated [epel-all]
0
1
webkitgtk-2.48.5-1.fc41

Automated Test Results

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 25.11.1 on bodhi-web-11-q6jzq.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy