Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-20652 (GCVE-0-2026-20652)
Vulnerability from cvelistv5 – Published: 2026-02-11 22:59 – Updated: 2026-04-02 18:26
VLAI
EPSS
Summary
The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service.
Severity
7.5 (High)
CWE
- A remote attacker may be able to cause a denial-of-service
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-20652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T19:30:51.349079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T19:31:21.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.7.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "26.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "26.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A remote attacker may be able to cause a denial-of-service",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:26:31.460Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/126346"
},
{
"url": "https://support.apple.com/en-us/126347"
},
{
"url": "https://support.apple.com/en-us/126348"
},
{
"url": "https://support.apple.com/en-us/126353"
},
{
"url": "https://support.apple.com/en-us/126354"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2026-20652",
"datePublished": "2026-02-11T22:59:04.639Z",
"dateReserved": "2025-11-11T14:43:07.864Z",
"dateUpdated": "2026-04-02T18:26:31.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-20652",
"date": "2026-05-29",
"epss": "0.00255",
"percentile": "0.48985"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-20652\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2026-02-11T23:16:08.033\",\"lastModified\":\"2026-04-02T19:21:17.743\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A remote attacker may be able to cause a denial-of-service.\"},{\"lang\":\"es\",\"value\":\"El problema se abord\u00f3 con un manejo de memoria mejorado. Este problema est\u00e1 solucionado en macOS Tahoe 26.3, iOS 18.7.5 y iPadOS 18.7.5, visionOS 26.3, iOS 26.3 y iPadOS 26.3, Safari 26.3. Un atacante remoto podr\u00eda causar una denegaci\u00f3n de servicio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.3\",\"matchCriteriaId\":\"13054182-3C0A-47D3-AABE-2B248BA17814\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.7.5\",\"matchCriteriaId\":\"5DF4C0EE-C67C-4BA1-BB50-C51DEC72E486\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"26.0\",\"versionEndExcluding\":\"26.3\",\"matchCriteriaId\":\"00E2601B-7453-4C8B-A307-EF7BC5BF2E84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.7.5\",\"matchCriteriaId\":\"273784FD-F8F0-466D-AF6E-5511FF3781B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"26.0\",\"versionEndExcluding\":\"26.3\",\"matchCriteriaId\":\"951073F9-924E-4D9C-8DA1-64E284326CC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.3\",\"matchCriteriaId\":\"E1EEEE88-5ADA-4C55-9C7C-397E904408DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.3\",\"matchCriteriaId\":\"388EDB3F-A14E-4922-B88A-F1CB6DE50A2A\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/126346\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/126347\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/126348\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/126353\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/126354\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"Safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"26.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"26.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"visionOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"26.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"26.3\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"18.7\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/126354\"}, {\"url\": \"https://support.apple.com/en-us/126348\"}, {\"url\": \"https://support.apple.com/en-us/126353\"}, {\"url\": \"https://support.apple.com/en-us/126346\"}, {\"url\": \"https://support.apple.com/en-us/126347\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote attacker may be able to cause a denial-of-service.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"A remote attacker may be able to cause a denial-of-service\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2026-02-11T22:59:04.639Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-20652\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-12T19:30:51.349079Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2026-02-12T19:30:08.837Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2026-20652\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-11T22:59:04.639Z\", \"dateReserved\": \"2025-11-11T14:43:07.864Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2026-02-11T22:59:04.639Z\", \"assignerShortName\": \"apple\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
GHSA-JHP8-JFXV-5GGJ
Vulnerability from github – Published: 2026-02-12 00:31 – Updated: 2026-02-12 21:31
VLAI
Details
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote attacker may be able to cause a denial-of-service.
Severity
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2026-20652"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-11T23:16:08Z",
"severity": "HIGH"
},
"details": "The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote attacker may be able to cause a denial-of-service.",
"id": "GHSA-jhp8-jfxv-5ggj",
"modified": "2026-02-12T21:31:26Z",
"published": "2026-02-12T00:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20652"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126346"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126347"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126348"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126353"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126354"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
NCSC-2026-0063
Vulnerability from csaf_ncscnl - Published: 2026-02-13 13:24 - Updated: 2026-02-13 13:24Summary
Kwetsbaarheden verholpen in Apple macOS
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Apple heeft kwetsbaarheden verholpen in macOS, inclusief versies Sequoia 15.7.4, Tahoe 26.3 en Sonoma 14.8.4.
Interpretaties: De kwetsbaarheden omvatten onder andere problemen met geheugencorruptie, ongeautoriseerde toegang tot gevoelige gebruikersdata, en logboekproblemen die konden leiden tot ongeautoriseerde toegang tot locatie-informatie. De updates bevatten verbeterde validatieprocessen en state management om deze risico's te mitigeren.
Oplossingen: Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-284: Improper Access Control
CWE-416: Use After Free
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-823: Use of Out-of-range Pointer Offset
CWE-825: Expired Pointer Dereference
The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including memory corruption and buffer overflow, while a high-severity out of bounds memory access vulnerability in ANGLE affects Google Chrome and other Chromium-based browsers.
8.8 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An out-of-bounds access issue was resolved in macOS Tahoe 26 and macOS Sonoma 14.8.2, preventing potential app termination or memory corruption from malicious media files through improved bounds checking.
7.1 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Tahoe 26.1 has resolved issues related to unexpected system termination and process memory corruption through enhanced memory handling.
7.8 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Authorization issues regarding sensitive user data access have been resolved in macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4, addressing potential risks of unauthorized app access.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sonoma 14.8.4 addresses a path handling issue that could allow applications to access user-sensitive data through improved logic.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including use-after-free and memory corruption issues, potentially allowing arbitrary code execution through malicious web content.
8.8 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Apple addressed multiple memory corruption vulnerabilities across its operating systems, including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS, through improved input validation and enhanced bounds checks to prevent crashes from malicious HID devices.
CWE-20 - Improper Input ValidationAffected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Tahoe 26.2 addressed a logic issue through improved validation, which could have allowed unauthorized access to sensitive user data by applications.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 have addressed a logic issue that could allow remote attackers to cause a denial-of-service through improved checks.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 have resolved a vulnerability that allowed attackers with root privileges to delete protected system files through enhanced state management.
6.0 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Multiple vulnerabilities, including memory amplification in libexpat and denial-of-service issues in Oracle Communications Network Analytics and Apple Software, expose systems to potential disruptions without enabling arbitrary code execution.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Tahoe 26.3 has resolved a permissions issue that allowed applications to monitor keystrokes without user consent by implementing additional restrictions.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed a denial-of-service vulnerability related to app cache handling, enhancing overall system stability.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Tahoe 26.3 has enhanced redaction capabilities to prevent apps with root privileges from accessing sensitive private information.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates in macOS Sequoia 15.7.4 and iOS 18.7.5 have resolved a memory handling issue that could cause an app to crash a system process.
4.6 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
The vulnerability allowing apps to bypass Privacy preferences in macOS and iOS has been addressed by removing the problematic code across various versions.
7.1 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates in several operating systems and Safari have addressed unexpected process crashes caused by maliciously crafted web content through enhanced state management.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Various operating systems have addressed improved memory handling to mitigate risks of denial-of-service and memory content disclosure from processing malicious files.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Tahoe 26.3 has fixed an issue with symlink handling that previously allowed applications to gain root privileges.
7.8 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An out-of-bounds access vulnerability affecting various Apple operating systems was resolved, which could lead to app termination or memory corruption when handling malicious media files.
7.1 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed a privacy issue that allowed apps to access sensitive user data through enhanced checks.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A path handling vulnerability allowing apps to gain root privileges has been resolved in macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 through enhanced validation measures.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A path handling vulnerability allowing apps to gain root privileges has been resolved in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, and visionOS 26.3 through enhanced validation measures.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An out-of-bounds write vulnerability in various Apple operating systems has been resolved through enhanced bounds checking, preventing unexpected app terminations when handling malicious USD files.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A race condition affecting multiple Apple operating systems, including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, was fixed, which could have allowed apps to gain root privileges due to improved state handling.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Tahoe 26.3 has improved temporary file handling, resolving an issue that could allow applications to access user-sensitive data.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logging issue in macOS Sequoia 15.7.4 and macOS Tahoe 26.3 has been resolved, enhancing data redaction to prevent unauthorized access to sensitive user information by applications.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An out-of-bounds read vulnerability was resolved in macOS versions 15.7.4, 26.3, and 14.8.4, potentially allowing attackers to read kernel memory or cause unexpected system termination.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates to macOS and iOS have resolved issues related to memory handling that could cause unexpected system termination or kernel memory corruption.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A permissions issue in macOS Tahoe 26.3 was resolved by removing vulnerable code that could allow unauthorized access to protected user data.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates in macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed an injection issue that could allow apps to access sensitive user data through improved validation.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates in macOS and visionOS addressed a parsing issue in directory path handling, enhancing path validation to prevent unauthorized access to sensitive user data by applications.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed the issue of malicious apps gaining root privileges through enhanced checks.
7.8 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates in watchOS 26.3 and iOS 26.3 have resolved an issue with environment variable handling that could allow unauthorized access to sensitive user data through improved validation.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A permissions vulnerability that could allow an application to escape its sandbox has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.
7.1 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Tahoe 26.3 has resolved a privacy issue that allowed applications to access user-sensitive data through improper handling of temporary files.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Tahoe 26.3 has resolved a permissions issue that previously allowed applications to access protected user data, implementing additional restrictions to enhance security.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates to watchOS, tvOS, macOS, iOS, and iPadOS have addressed memory handling vulnerabilities that could lead to process memory disclosure when processing maliciously crafted images.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates have enhanced memory handling and state management across various operating systems, effectively reducing the risk of unexpected process crashes from malicious web content.
4.3 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed unexpected process crashes due to malicious web content through enhanced memory handling.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A privacy vulnerability that enabled applications to detect other installed apps has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Apple has addressed the issue of unexpected process crashes caused by malicious web content through enhanced memory handling in its operating systems and Safari version 26.3.
6.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Tahoe 26.3 has resolved a logging vulnerability that allowed malicious applications to access sensitive location data through enhanced data redaction techniques.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Tahoe 26.3 has resolved unauthorized access issues by implementing enhanced data protection measures that prevent apps from accessing sensitive user data.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A privacy issue in macOS Tahoe 26.3 was addressed by relocating sensitive data to a secure location, effectively preventing unauthorized access to notifications from other iCloud devices by malicious applications.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logging issue allowing potential exposure of sensitive information has been resolved through enhanced data redaction in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A denial-of-service vulnerability in Bluetooth packets has been addressed across multiple Apple operating systems, including iOS and macOS, allowing potential exploitation by attackers in privileged network positions.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates to macOS, iOS, iPadOS, visionOS, and Safari have addressed a vulnerability related to improved memory handling that could enable remote attackers to execute denial-of-service attacks.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A parsing issue in directory path handling was resolved, enhancing path validation to prevent unauthorized access to sensitive user data across multiple macOS and iOS versions.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
The unexpected system termination issue caused by app behavior has been resolved through enhanced memory management in operating systems including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, all updated to version 26.3.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logic issue allowing app access to user Safari history has been resolved in iOS 18.7.5, iPadOS 18.7.5, Safari 26.3, and macOS Tahoe 26.3 through enhanced validation measures.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Tahoe 26.3 has resolved a package validation vulnerability that could allow applications to gain root privileges by blocking the affected package.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A path handling vulnerability in several Apple operating systems and Safari versions has been addressed, which previously allowed remote users to write arbitrary files.
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
An authorization issue in macOS Sequoia 15.7.4 and macOS Tahoe 26.3 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.
4.6 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Tahoe 26.3 resolves an authorization issue that allowed apps to access sensitive user data through enhanced state management.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logic issue that could allow an app to escape its sandbox has been resolved in multiple OS updates, including watchOS 26.3 and iOS 26.3.
8.8 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Tahoe 26.3 addressed a parsing issue in directory path handling, enhancing path validation to prevent unauthorized access to sensitive user data by applications.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logic issue allowing network traffic interception by an attacker in a privileged position has been resolved across multiple Apple operating systems, including watchOS, tvOS, macOS, iOS, and visionOS.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A logic issue was resolved in multiple macOS and iOS versions, with a note that disabling 'Load remote content in messages' may not influence all mail previews.
5.3 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates across various operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS, have addressed user information disclosure vulnerabilities related to malicious image processing through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
The recent updates in iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have resolved user tracking issues through Safari web extensions by enhancing state management.
5.3 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
A race condition in multiple Apple operating systems was resolved, which could have allowed shortcuts to bypass sandbox restrictions.
9.0 (Critical)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Recent updates in macOS Tahoe 26.3 and iOS 18.7.5 have introduced additional restrictions to prevent sandboxed apps from accessing sensitive user data.
6.5 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
macOS Tahoe 26.3 resolves a privacy issue by enhancing private data redaction for log entries, preventing unauthorized access to user contact information by apps.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
Multiple Apple operating systems have been affected by memory corruption vulnerabilities that could allow arbitrary code execution, with fixes implemented in version 26.3 and reports of exploitation in earlier iOS versions.
7.8 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / macOS Sequoia
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Sonoma
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / macOS Tahoe
|
vers:unknown/* |
References
74 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Apple heeft kwetsbaarheden verholpen in macOS, inclusief versies Sequoia 15.7.4, Tahoe 26.3 en Sonoma 14.8.4.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten onder andere problemen met geheugencorruptie, ongeautoriseerde toegang tot gevoelige gebruikersdata, en logboekproblemen die konden leiden tot ongeautoriseerde toegang tot locatie-informatie. De updates bevatten verbeterde validatieprocessen en state management om deze risico\u0027s te mitigeren.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Use of Out-of-range Pointer Offset",
"title": "CWE-823"
},
{
"category": "general",
"text": "Expired Pointer Dereference",
"title": "CWE-825"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/126348"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/126349"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/126350"
}
],
"title": "Kwetsbaarheden verholpen in Apple macOS",
"tracking": {
"current_release_date": "2026-02-13T13:24:06.433550Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0063",
"initial_release_date": "2026-02-13T13:24:06.433550Z",
"revision_history": [
{
"date": "2026-02-13T13:24:06.433550Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "macOS Sequoia"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "macOS Sonoma"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "macOS Tahoe"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14174",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Use of Out-of-range Pointer Offset",
"title": "CWE-823"
},
{
"category": "description",
"text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including memory corruption and buffer overflow, while a high-severity out of bounds memory access vulnerability in ANGLE affects Google Chrome and other Chromium-based browsers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-14174 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14174.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-14174"
},
{
"cve": "CVE-2025-43338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "An out-of-bounds access issue was resolved in macOS Tahoe 26 and macOS Sonoma 14.8.2, preventing potential app termination or memory corruption from malicious media files through improved bounds checking.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43338 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43338.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43338"
},
{
"cve": "CVE-2025-43402",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "macOS Tahoe 26.1 has resolved issues related to unexpected system termination and process memory corruption through enhanced memory handling.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43402 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43402.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43402"
},
{
"cve": "CVE-2025-43403",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "description",
"text": "Authorization issues regarding sensitive user data access have been resolved in macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4, addressing potential risks of unauthorized app access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43403 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43403.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43403"
},
{
"cve": "CVE-2025-43417",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "macOS Sonoma 14.8.4 addresses a path handling issue that could allow applications to access user-sensitive data through improved logic.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43417 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43417.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43417"
},
{
"cve": "CVE-2025-43529",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Expired Pointer Dereference",
"title": "CWE-825"
},
{
"category": "description",
"text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including use-after-free and memory corruption issues, potentially allowing arbitrary code execution through malicious web content.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43529 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43529.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43529"
},
{
"cve": "CVE-2025-43533",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Apple addressed multiple memory corruption vulnerabilities across its operating systems, including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS, through improved input validation and enhanced bounds checks to prevent crashes from malicious HID devices.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-43533"
},
{
"cve": "CVE-2025-46283",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "macOS Tahoe 26.2 addressed a logic issue through improved validation, which could have allowed unauthorized access to sensitive user data by applications.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46283 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46283.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46283"
},
{
"cve": "CVE-2025-46290",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"notes": [
{
"category": "other",
"text": "Protection Mechanism Failure",
"title": "CWE-693"
},
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 have addressed a logic issue that could allow remote attackers to cause a denial-of-service through improved checks.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46290 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46290.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46290"
},
{
"cve": "CVE-2025-46300",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46300 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46300.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46300"
},
{
"cve": "CVE-2025-46301",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46301 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46301.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46301"
},
{
"cve": "CVE-2025-46302",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46302 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46302.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46302"
},
{
"cve": "CVE-2025-46303",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46303 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46303.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46303"
},
{
"cve": "CVE-2025-46304",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46304 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46304.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46304"
},
{
"cve": "CVE-2025-46305",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46305 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46305.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46305"
},
{
"cve": "CVE-2025-46310",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "other",
"text": "Improper Privilege Management",
"title": "CWE-269"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 have resolved a vulnerability that allowed attackers with root privileges to delete protected system files through enhanced state management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46310 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46310.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-46310"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including memory amplification in libexpat and denial-of-service issues in Oracle Communications Network Analytics and Apple Software, expose systems to potential disruptions without enabling arbitrary code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2026-20601",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 has resolved a permissions issue that allowed applications to monitor keystrokes without user consent by implementing additional restrictions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20601 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20601.json"
}
],
"title": "CVE-2026-20601"
},
{
"cve": "CVE-2026-20602",
"notes": [
{
"category": "description",
"text": "macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed a denial-of-service vulnerability related to app cache handling, enhancing overall system stability.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20602 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20602.json"
}
],
"title": "CVE-2026-20602"
},
{
"cve": "CVE-2026-20603",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 has enhanced redaction capabilities to prevent apps with root privileges from accessing sensitive private information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20603 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20603.json"
}
],
"title": "CVE-2026-20603"
},
{
"cve": "CVE-2026-20605",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Recent updates in macOS Sequoia 15.7.4 and iOS 18.7.5 have resolved a memory handling issue that could cause an app to crash a system process.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20605 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20605.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20605"
},
{
"cve": "CVE-2026-20606",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "The vulnerability allowing apps to bypass Privacy preferences in macOS and iOS has been addressed by removing the problematic code across various versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20606 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20606.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20606"
},
{
"cve": "CVE-2026-20608",
"notes": [
{
"category": "description",
"text": "Recent updates in several operating systems and Safari have addressed unexpected process crashes caused by maliciously crafted web content through enhanced state management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20608 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20608.json"
}
],
"title": "CVE-2026-20608"
},
{
"cve": "CVE-2026-20609",
"notes": [
{
"category": "description",
"text": "Various operating systems have addressed improved memory handling to mitigate risks of denial-of-service and memory content disclosure from processing malicious files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20609 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20609.json"
}
],
"title": "CVE-2026-20609"
},
{
"cve": "CVE-2026-20610",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"title": "CWE-59"
},
{
"category": "description",
"text": "macOS Tahoe 26.3 has fixed an issue with symlink handling that previously allowed applications to gain root privileges.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20610 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20610.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20610"
},
{
"cve": "CVE-2026-20611",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds access vulnerability affecting various Apple operating systems was resolved, which could lead to app termination or memory corruption when handling malicious media files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20611 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20611.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20611"
},
{
"cve": "CVE-2026-20612",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed a privacy issue that allowed apps to access sensitive user data through enhanced checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20612 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20612.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20612"
},
{
"cve": "CVE-2026-20614",
"notes": [
{
"category": "description",
"text": "A path handling vulnerability allowing apps to gain root privileges has been resolved in macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 through enhanced validation measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20614 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20614.json"
}
],
"title": "CVE-2026-20614"
},
{
"cve": "CVE-2026-20615",
"notes": [
{
"category": "description",
"text": "A path handling vulnerability allowing apps to gain root privileges has been resolved in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, and visionOS 26.3 through enhanced validation measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20615 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20615.json"
}
],
"title": "CVE-2026-20615"
},
{
"cve": "CVE-2026-20616",
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability in various Apple operating systems has been resolved through enhanced bounds checking, preventing unexpected app terminations when handling malicious USD files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20616 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20616.json"
}
],
"title": "CVE-2026-20616"
},
{
"cve": "CVE-2026-20617",
"notes": [
{
"category": "description",
"text": "A race condition affecting multiple Apple operating systems, including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, was fixed, which could have allowed apps to gain root privileges due to improved state handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20617 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20617.json"
}
],
"title": "CVE-2026-20617"
},
{
"cve": "CVE-2026-20618",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 has improved temporary file handling, resolving an issue that could allow applications to access user-sensitive data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20618 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20618.json"
}
],
"title": "CVE-2026-20618"
},
{
"cve": "CVE-2026-20619",
"notes": [
{
"category": "description",
"text": "A logging issue in macOS Sequoia 15.7.4 and macOS Tahoe 26.3 has been resolved, enhancing data redaction to prevent unauthorized access to sensitive user information by applications.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20619 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20619.json"
}
],
"title": "CVE-2026-20619"
},
{
"cve": "CVE-2026-20620",
"notes": [
{
"category": "description",
"text": "An out-of-bounds read vulnerability was resolved in macOS versions 15.7.4, 26.3, and 14.8.4, potentially allowing attackers to read kernel memory or cause unexpected system termination.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20620 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20620.json"
}
],
"title": "CVE-2026-20620"
},
{
"cve": "CVE-2026-20621",
"notes": [
{
"category": "description",
"text": "Recent updates to macOS and iOS have resolved issues related to memory handling that could cause unexpected system termination or kernel memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20621 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20621.json"
}
],
"title": "CVE-2026-20621"
},
{
"cve": "CVE-2026-20623",
"notes": [
{
"category": "description",
"text": "A permissions issue in macOS Tahoe 26.3 was resolved by removing vulnerable code that could allow unauthorized access to protected user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20623 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20623.json"
}
],
"title": "CVE-2026-20623"
},
{
"cve": "CVE-2026-20624",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed an injection issue that could allow apps to access sensitive user data through improved validation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20624 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20624.json"
}
],
"title": "CVE-2026-20624"
},
{
"cve": "CVE-2026-20625",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Recent updates in macOS and visionOS addressed a parsing issue in directory path handling, enhancing path validation to prevent unauthorized access to sensitive user data by applications.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20625 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20625.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20625"
},
{
"cve": "CVE-2026-20626",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed the issue of malicious apps gaining root privileges through enhanced checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20626 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20626.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20626"
},
{
"cve": "CVE-2026-20627",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent updates in watchOS 26.3 and iOS 26.3 have resolved an issue with environment variable handling that could allow unauthorized access to sensitive user data through improved validation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20627 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20627.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20627"
},
{
"cve": "CVE-2026-20628",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A permissions vulnerability that could allow an application to escape its sandbox has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20628 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20628.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20628"
},
{
"cve": "CVE-2026-20629",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 has resolved a privacy issue that allowed applications to access user-sensitive data through improper handling of temporary files.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20629 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20629.json"
}
],
"title": "CVE-2026-20629"
},
{
"cve": "CVE-2026-20630",
"cwe": {
"id": "CWE-277",
"name": "Insecure Inherited Permissions"
},
"notes": [
{
"category": "other",
"text": "Insecure Inherited Permissions",
"title": "CWE-277"
},
{
"category": "description",
"text": "macOS Tahoe 26.3 has resolved a permissions issue that previously allowed applications to access protected user data, implementing additional restrictions to enhance security.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20630 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20630.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20630"
},
{
"cve": "CVE-2026-20634",
"notes": [
{
"category": "description",
"text": "Recent updates to watchOS, tvOS, macOS, iOS, and iPadOS have addressed memory handling vulnerabilities that could lead to process memory disclosure when processing maliciously crafted images.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20634 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20634.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20634"
},
{
"cve": "CVE-2026-20635",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Recent updates have enhanced memory handling and state management across various operating systems, effectively reducing the risk of unexpected process crashes from malicious web content.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20635 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20635.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20635"
},
{
"cve": "CVE-2026-20636",
"notes": [
{
"category": "description",
"text": "iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed unexpected process crashes due to malicious web content through enhanced memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20636 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20636.json"
}
],
"title": "CVE-2026-20636"
},
{
"cve": "CVE-2026-20641",
"notes": [
{
"category": "description",
"text": "A privacy vulnerability that enabled applications to detect other installed apps has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20641 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20641.json"
}
],
"title": "CVE-2026-20641"
},
{
"cve": "CVE-2026-20644",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Apple has addressed the issue of unexpected process crashes caused by malicious web content through enhanced memory handling in its operating systems and Safari version 26.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20644 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20644.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20644"
},
{
"cve": "CVE-2026-20646",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 has resolved a logging vulnerability that allowed malicious applications to access sensitive location data through enhanced data redaction techniques.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20646 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20646.json"
}
],
"title": "CVE-2026-20646"
},
{
"cve": "CVE-2026-20647",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "macOS Tahoe 26.3 has resolved unauthorized access issues by implementing enhanced data protection measures that prevent apps from accessing sensitive user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20647 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20647.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20647"
},
{
"cve": "CVE-2026-20648",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "A privacy issue in macOS Tahoe 26.3 was addressed by relocating sensitive data to a secure location, effectively preventing unauthorized access to notifications from other iCloud devices by malicious applications.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20648 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20648.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20648"
},
{
"cve": "CVE-2026-20649",
"notes": [
{
"category": "description",
"text": "A logging issue allowing potential exposure of sensitive information has been resolved through enhanced data redaction in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20649 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20649.json"
}
],
"title": "CVE-2026-20649"
},
{
"cve": "CVE-2026-20650",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A denial-of-service vulnerability in Bluetooth packets has been addressed across multiple Apple operating systems, including iOS and macOS, allowing potential exploitation by attackers in privileged network positions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20650 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20650.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20650"
},
{
"cve": "CVE-2026-20652",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates to macOS, iOS, iPadOS, visionOS, and Safari have addressed a vulnerability related to improved memory handling that could enable remote attackers to execute denial-of-service attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20652 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20652.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20652"
},
{
"cve": "CVE-2026-20653",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "A parsing issue in directory path handling was resolved, enhancing path validation to prevent unauthorized access to sensitive user data across multiple macOS and iOS versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20653 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20653.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20653"
},
{
"cve": "CVE-2026-20654",
"notes": [
{
"category": "description",
"text": "The unexpected system termination issue caused by app behavior has been resolved through enhanced memory management in operating systems including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, all updated to version 26.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20654 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20654.json"
}
],
"title": "CVE-2026-20654"
},
{
"cve": "CVE-2026-20656",
"notes": [
{
"category": "description",
"text": "A logic issue allowing app access to user Safari history has been resolved in iOS 18.7.5, iPadOS 18.7.5, Safari 26.3, and macOS Tahoe 26.3 through enhanced validation measures.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20656 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20656.json"
}
],
"title": "CVE-2026-20656"
},
{
"cve": "CVE-2026-20658",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 has resolved a package validation vulnerability that could allow applications to gain root privileges by blocking the affected package.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20658 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20658.json"
}
],
"title": "CVE-2026-20658"
},
{
"cve": "CVE-2026-20660",
"notes": [
{
"category": "description",
"text": "A path handling vulnerability in several Apple operating systems and Safari versions has been addressed, which previously allowed remote users to write arbitrary files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20660 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20660.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20660"
},
{
"cve": "CVE-2026-20662",
"notes": [
{
"category": "description",
"text": "An authorization issue in macOS Sequoia 15.7.4 and macOS Tahoe 26.3 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20662 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20662.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20662"
},
{
"cve": "CVE-2026-20666",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "description",
"text": "macOS Tahoe 26.3 resolves an authorization issue that allowed apps to access sensitive user data through enhanced state management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20666 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20666.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20666"
},
{
"cve": "CVE-2026-20667",
"notes": [
{
"category": "description",
"text": "A logic issue that could allow an app to escape its sandbox has been resolved in multiple OS updates, including watchOS 26.3 and iOS 26.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20667 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20667.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20667"
},
{
"cve": "CVE-2026-20669",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "macOS Tahoe 26.3 addressed a parsing issue in directory path handling, enhancing path validation to prevent unauthorized access to sensitive user data by applications.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20669 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20669.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20669"
},
{
"cve": "CVE-2026-20671",
"notes": [
{
"category": "description",
"text": "A logic issue allowing network traffic interception by an attacker in a privileged position has been resolved across multiple Apple operating systems, including watchOS, tvOS, macOS, iOS, and visionOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20671 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20671.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20671"
},
{
"cve": "CVE-2026-20673",
"notes": [
{
"category": "description",
"text": "A logic issue was resolved in multiple macOS and iOS versions, with a note that disabling \u0027Load remote content in messages\u0027 may not influence all mail previews.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20673 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20673.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20673"
},
{
"cve": "CVE-2026-20675",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates across various operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS, have addressed user information disclosure vulnerabilities related to malicious image processing through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20675 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20675.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20675"
},
{
"cve": "CVE-2026-20676",
"notes": [
{
"category": "description",
"text": "The recent updates in iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have resolved user tracking issues through Safari web extensions by enhancing state management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20676 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20676.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20676"
},
{
"cve": "CVE-2026-20677",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition in multiple Apple operating systems was resolved, which could have allowed shortcuts to bypass sandbox restrictions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20677 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20677.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20677"
},
{
"cve": "CVE-2026-20680",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS Tahoe 26.3 and iOS 18.7.5 have introduced additional restrictions to prevent sandboxed apps from accessing sensitive user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20680 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20680.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20680"
},
{
"cve": "CVE-2026-20681",
"notes": [
{
"category": "description",
"text": "macOS Tahoe 26.3 resolves a privacy issue by enhancing private data redaction for log entries, preventing unauthorized access to user contact information by apps.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20681 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20681.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20681"
},
{
"cve": "CVE-2026-20700",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Multiple Apple operating systems have been affected by memory corruption vulnerabilities that could allow arbitrary code execution, with fixes implemented in version 26.3 and reports of exploitation in earlier iOS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20700 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20700.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2026-20700"
}
]
}
NCSC-2026-0064
Vulnerability from csaf_ncscnl - Published: 2026-02-13 13:35 - Updated: 2026-02-13 13:35Summary
Kwetsbaarheden verholpen in Apple iOS en iPadOS
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Apple heeft kwetsbaarheden verholpen in iOS en iPadOS.
Interpretaties: De kwetsbaarheden omvatten verschillende problemen zoals geheugenbeschadiging, bufferoverloop, en gebruik na vrijgave, die konden leiden tot ongeautoriseerde toegang tot gevoelige gegevens, onverwachte procescrashes en andere stabiliteitsproblemen. De kwetsbaarheden werden voornamelijk veroorzaakt door inadequate invoervalidatie en kwetsbaarheden in de verwerking van schadelijke inhoud. De updates zijn gericht op het verbeteren van de beveiliging en stabiliteit van de betrokken besturingssystemen.
Apple meldt dat zij een rapport hebben ontvangen dat de kwetsbaarheid met kenmerk CVE-2026-20700 mogelijk is misbruikt bij een zeer gerichte aanval, waarbij een iOS device met versienummer vóór 26 het slachtoffer is. Meer detailinformatie is niet vrijgegeven. De kwetsbaarheid stelt een kwaadwillende in staat om willekeurige code uit te voeren. Voor succesvol misbruik moet de kwaadwillende voorafgaande rechten hebben om geheugen te mogen beschrijven.
Oplossingen: Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-416: Use After Free
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-823: Use of Out-of-range Pointer Offset
CWE-825: Expired Pointer Dereference
The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including memory corruption and buffer overflow, while a high-severity out of bounds memory access vulnerability in ANGLE affects Google Chrome and other Chromium-based browsers.
8.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including use-after-free and memory corruption issues, potentially allowing arbitrary code execution through malicious web content.
8.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple addressed multiple memory corruption vulnerabilities across its operating systems, including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS, through improved input validation and enhanced bounds checks to prevent crashes from malicious HID devices.
CWE-20 - Improper Input ValidationAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
iOS 18.7.5 and iPadOS 18.7.5 addressed a path handling vulnerability that could allow malicious backup files to alter protected system files.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Multiple vulnerabilities, including memory amplification in libexpat and denial-of-service issues in Oracle Communications Network Analytics and Apple Software, expose systems to potential disruptions without enabling arbitrary code execution.
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Recent updates in macOS Sequoia 15.7.4 and iOS 18.7.5 have resolved a memory handling issue that could cause an app to crash a system process.
4.6 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
The vulnerability allowing apps to bypass Privacy preferences in macOS and iOS has been addressed by removing the problematic code across various versions.
7.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Recent updates in several operating systems and Safari have addressed unexpected process crashes caused by maliciously crafted web content through enhanced state management.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Various operating systems have addressed improved memory handling to mitigate risks of denial-of-service and memory content disclosure from processing malicious files.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An out-of-bounds access vulnerability affecting various Apple operating systems was resolved, which could lead to app termination or memory corruption when handling malicious media files.
7.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A path handling vulnerability allowing apps to gain root privileges has been resolved in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, and visionOS 26.3 through enhanced validation measures.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An out-of-bounds write vulnerability in various Apple operating systems has been resolved through enhanced bounds checking, preventing unexpected app terminations when handling malicious USD files.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A race condition affecting multiple Apple operating systems, including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, was fixed, which could have allowed apps to gain root privileges due to improved state handling.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Recent updates to macOS and iOS have resolved issues related to memory handling that could cause unexpected system termination or kernel memory corruption.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
macOS Sequoia 15.7.4, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed the issue of malicious apps gaining root privileges through enhanced checks.
7.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Recent updates in watchOS 26.3 and iOS 26.3 have resolved an issue with environment variable handling that could allow unauthorized access to sensitive user data through improved validation.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A permissions vulnerability that could allow an application to escape its sandbox has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.
7.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Recent updates to watchOS, tvOS, macOS, iOS, and iPadOS have addressed memory handling vulnerabilities that could lead to process memory disclosure when processing maliciously crafted images.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Recent updates have enhanced memory handling and state management across various operating systems, effectively reducing the risk of unexpected process crashes from malicious web content.
4.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed unexpected process crashes due to malicious web content through enhanced memory handling.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logic issue that could expose identifying information for users with Live Caller ID app extensions disabled has been resolved in iOS 26.3 and iPadOS 26.3.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
iOS 26.3 and iPadOS 26.3 addressed an inconsistent user interface issue that could allow an attacker with physical access to capture sensitive data during iPhone Mirroring with Mac.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A privacy vulnerability that enabled applications to detect other installed apps has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An input validation vulnerability in iOS 26.3 and iPadOS 26.3 allowed physical access to an iOS device to potentially enable unauthorized access to photos from the lock screen, which has now been addressed.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Apple has addressed the issue of unexpected process crashes caused by malicious web content through enhanced memory handling in its operating systems and Safari version 26.3.
6.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An inconsistent user interface issue in iOS 26.3 and iPadOS 18.7.5 was resolved, which could have allowed an attacker with physical access to a locked device to view sensitive user information.
4.6 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logging issue allowing potential exposure of sensitive information has been resolved through enhanced data redaction in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A denial-of-service vulnerability in Bluetooth packets has been addressed across multiple Apple operating systems, including iOS and macOS, allowing potential exploitation by attackers in privileged network positions.
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Recent updates to macOS, iOS, iPadOS, visionOS, and Safari have addressed a vulnerability related to improved memory handling that could enable remote attackers to execute denial-of-service attacks.
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A parsing issue in directory path handling was resolved, enhancing path validation to prevent unauthorized access to sensitive user data across multiple macOS and iOS versions.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
The unexpected system termination issue caused by app behavior has been resolved through enhanced memory management in operating systems including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, all updated to version 26.3.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An authorization issue affecting iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logic issue allowing app access to user Safari history has been resolved in iOS 18.7.5, iPadOS 18.7.5, Safari 26.3, and macOS Tahoe 26.3 through enhanced validation measures.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A path handling vulnerability in several Apple operating systems and Safari versions has been addressed, which previously allowed remote users to write arbitrary files.
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An authorization issue affecting iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.
4.6 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
The issue of app enumeration of installed applications was addressed in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through the implementation of sanitized logging.
CWE-532 - Insertion of Sensitive Information into Log FileAffected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logic issue that could allow an app to escape its sandbox has been resolved in multiple OS updates, including watchOS 26.3 and iOS 26.3.
8.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logic issue allowing network traffic interception by an attacker in a privileged position has been resolved across multiple Apple operating systems, including watchOS, tvOS, macOS, iOS, and visionOS.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logic issue was resolved in multiple macOS and iOS versions, with a note that disabling 'Load remote content in messages' may not influence all mail previews.
5.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
iOS 26.3 and iPadOS 26.3 resolved a privacy issue by eliminating sensitive data that could be accessed by an attacker with physical access to a locked device.
4.6 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Recent updates across various operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS, have addressed user information disclosure vulnerabilities related to malicious image processing through enhanced bounds checks.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
The recent updates in iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have resolved user tracking issues through Safari web extensions by enhancing state management.
5.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A race condition in multiple Apple operating systems was resolved, which could have allowed shortcuts to bypass sandbox restrictions.
9.0 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
An authorization issue allowing potential access to sensitive user data has been resolved in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through improved state management.
5.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Recent updates in macOS Tahoe 26.3 and iOS 18.7.5 have introduced additional restrictions to prevent sandboxed apps from accessing sensitive user data.
6.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
A logic issue in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 was resolved, which previously allowed unauthorized access to deleted user notes.
5.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
Multiple Apple operating systems have been affected by memory corruption vulnerabilities that could allow arbitrary code execution, with fixes implemented in version 26.3 and reports of exploitation in earlier iOS versions.
7.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Apple / iOS
|
vers:unknown/* | ||
|
vers:unknown/*
Apple / iPadOS
|
vers:unknown/* |
References
55 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Apple heeft kwetsbaarheden verholpen in iOS en iPadOS.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden omvatten verschillende problemen zoals geheugenbeschadiging, bufferoverloop, en gebruik na vrijgave, die konden leiden tot ongeautoriseerde toegang tot gevoelige gegevens, onverwachte procescrashes en andere stabiliteitsproblemen. De kwetsbaarheden werden voornamelijk veroorzaakt door inadequate invoervalidatie en kwetsbaarheden in de verwerking van schadelijke inhoud. De updates zijn gericht op het verbeteren van de beveiliging en stabiliteit van de betrokken besturingssystemen.\n\nApple meldt dat zij een rapport hebben ontvangen dat de kwetsbaarheid met kenmerk CVE-2026-20700 mogelijk is misbruikt bij een zeer gerichte aanval, waarbij een iOS device met versienummer v\u00f3\u00f3r 26 het slachtoffer is. Meer detailinformatie is niet vrijgegeven. De kwetsbaarheid stelt een kwaadwillende in staat om willekeurige code uit te voeren. Voor succesvol misbruik moet de kwaadwillende voorafgaande rechten hebben om geheugen te mogen beschrijven.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Use of Out-of-range Pointer Offset",
"title": "CWE-823"
},
{
"category": "general",
"text": "Expired Pointer Dereference",
"title": "CWE-825"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/126346"
},
{
"category": "external",
"summary": "Reference",
"url": "https://support.apple.com/en-us/126347"
}
],
"title": "Kwetsbaarheden verholpen in Apple iOS en iPadOS",
"tracking": {
"current_release_date": "2026-02-13T13:35:03.870920Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0064",
"initial_release_date": "2026-02-13T13:35:03.870920Z",
"revision_history": [
{
"date": "2026-02-13T13:35:03.870920Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "iOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "iPadOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14174",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Use of Out-of-range Pointer Offset",
"title": "CWE-823"
},
{
"category": "description",
"text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including memory corruption and buffer overflow, while a high-severity out of bounds memory access vulnerability in ANGLE affects Google Chrome and other Chromium-based browsers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-14174 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14174.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-14174"
},
{
"cve": "CVE-2025-43529",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Expired Pointer Dereference",
"title": "CWE-825"
},
{
"category": "description",
"text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including use-after-free and memory corruption issues, potentially allowing arbitrary code execution through malicious web content.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43529 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43529.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-43529"
},
{
"cve": "CVE-2025-43533",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Apple addressed multiple memory corruption vulnerabilities across its operating systems, including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS, through improved input validation and enhanced bounds checks to prevent crashes from malicious HID devices.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-43533"
},
{
"cve": "CVE-2025-43537",
"notes": [
{
"category": "description",
"text": "iOS 18.7.5 and iPadOS 18.7.5 addressed a path handling vulnerability that could allow malicious backup files to alter protected system files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-43537 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43537.json"
}
],
"title": "CVE-2025-43537"
},
{
"cve": "CVE-2025-46300",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46300 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46300.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-46300"
},
{
"cve": "CVE-2025-46301",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46301 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46301.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-46301"
},
{
"cve": "CVE-2025-46302",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46302 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46302.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-46302"
},
{
"cve": "CVE-2025-46303",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46303 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46303.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-46303"
},
{
"cve": "CVE-2025-46304",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46304 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46304.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-46304"
},
{
"cve": "CVE-2025-46305",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46305 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46305.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-46305"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including memory amplification in libexpat and denial-of-service issues in Oracle Communications Network Analytics and Apple Software, expose systems to potential disruptions without enabling arbitrary code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2026-20605",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Recent updates in macOS Sequoia 15.7.4 and iOS 18.7.5 have resolved a memory handling issue that could cause an app to crash a system process.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20605 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20605.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20605"
},
{
"cve": "CVE-2026-20606",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "The vulnerability allowing apps to bypass Privacy preferences in macOS and iOS has been addressed by removing the problematic code across various versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20606 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20606.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20606"
},
{
"cve": "CVE-2026-20608",
"notes": [
{
"category": "description",
"text": "Recent updates in several operating systems and Safari have addressed unexpected process crashes caused by maliciously crafted web content through enhanced state management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20608 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20608.json"
}
],
"title": "CVE-2026-20608"
},
{
"cve": "CVE-2026-20609",
"notes": [
{
"category": "description",
"text": "Various operating systems have addressed improved memory handling to mitigate risks of denial-of-service and memory content disclosure from processing malicious files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20609 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20609.json"
}
],
"title": "CVE-2026-20609"
},
{
"cve": "CVE-2026-20611",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "An out-of-bounds access vulnerability affecting various Apple operating systems was resolved, which could lead to app termination or memory corruption when handling malicious media files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20611 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20611.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20611"
},
{
"cve": "CVE-2026-20615",
"notes": [
{
"category": "description",
"text": "A path handling vulnerability allowing apps to gain root privileges has been resolved in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, and visionOS 26.3 through enhanced validation measures.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20615 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20615.json"
}
],
"title": "CVE-2026-20615"
},
{
"cve": "CVE-2026-20616",
"notes": [
{
"category": "description",
"text": "An out-of-bounds write vulnerability in various Apple operating systems has been resolved through enhanced bounds checking, preventing unexpected app terminations when handling malicious USD files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20616 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20616.json"
}
],
"title": "CVE-2026-20616"
},
{
"cve": "CVE-2026-20617",
"notes": [
{
"category": "description",
"text": "A race condition affecting multiple Apple operating systems, including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, was fixed, which could have allowed apps to gain root privileges due to improved state handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20617 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20617.json"
}
],
"title": "CVE-2026-20617"
},
{
"cve": "CVE-2026-20621",
"notes": [
{
"category": "description",
"text": "Recent updates to macOS and iOS have resolved issues related to memory handling that could cause unexpected system termination or kernel memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20621 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20621.json"
}
],
"title": "CVE-2026-20621"
},
{
"cve": "CVE-2026-20626",
"cwe": {
"id": "CWE-862",
"name": "Missing Authorization"
},
"notes": [
{
"category": "other",
"text": "Missing Authorization",
"title": "CWE-862"
},
{
"category": "description",
"text": "macOS Sequoia 15.7.4, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed the issue of malicious apps gaining root privileges through enhanced checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20626 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20626.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20626"
},
{
"cve": "CVE-2026-20627",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent updates in watchOS 26.3 and iOS 26.3 have resolved an issue with environment variable handling that could allow unauthorized access to sensitive user data through improved validation.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20627 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20627.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20627"
},
{
"cve": "CVE-2026-20628",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A permissions vulnerability that could allow an application to escape its sandbox has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20628 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20628.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20628"
},
{
"cve": "CVE-2026-20634",
"notes": [
{
"category": "description",
"text": "Recent updates to watchOS, tvOS, macOS, iOS, and iPadOS have addressed memory handling vulnerabilities that could lead to process memory disclosure when processing maliciously crafted images.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20634 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20634.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20634"
},
{
"cve": "CVE-2026-20635",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Recent updates have enhanced memory handling and state management across various operating systems, effectively reducing the risk of unexpected process crashes from malicious web content.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20635 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20635.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20635"
},
{
"cve": "CVE-2026-20636",
"notes": [
{
"category": "description",
"text": "iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed unexpected process crashes due to malicious web content through enhanced memory handling.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20636 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20636.json"
}
],
"title": "CVE-2026-20636"
},
{
"cve": "CVE-2026-20638",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A logic issue that could expose identifying information for users with Live Caller ID app extensions disabled has been resolved in iOS 26.3 and iPadOS 26.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20638 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20638.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20638"
},
{
"cve": "CVE-2026-20640",
"notes": [
{
"category": "description",
"text": "iOS 26.3 and iPadOS 26.3 addressed an inconsistent user interface issue that could allow an attacker with physical access to capture sensitive data during iPhone Mirroring with Mac.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20640 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20640.json"
}
],
"title": "CVE-2026-20640"
},
{
"cve": "CVE-2026-20641",
"notes": [
{
"category": "description",
"text": "A privacy vulnerability that enabled applications to detect other installed apps has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20641 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20641.json"
}
],
"title": "CVE-2026-20641"
},
{
"cve": "CVE-2026-20642",
"notes": [
{
"category": "description",
"text": "An input validation vulnerability in iOS 26.3 and iPadOS 26.3 allowed physical access to an iOS device to potentially enable unauthorized access to photos from the lock screen, which has now been addressed.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20642 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20642.json"
}
],
"title": "CVE-2026-20642"
},
{
"cve": "CVE-2026-20644",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Apple has addressed the issue of unexpected process crashes caused by malicious web content through enhanced memory handling in its operating systems and Safari version 26.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20644 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20644.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20644"
},
{
"cve": "CVE-2026-20645",
"cwe": {
"id": "CWE-1021",
"name": "Improper Restriction of Rendered UI Layers or Frames"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Rendered UI Layers or Frames",
"title": "CWE-1021"
},
{
"category": "description",
"text": "An inconsistent user interface issue in iOS 26.3 and iPadOS 18.7.5 was resolved, which could have allowed an attacker with physical access to a locked device to view sensitive user information.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20645 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20645.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20645"
},
{
"cve": "CVE-2026-20649",
"notes": [
{
"category": "description",
"text": "A logging issue allowing potential exposure of sensitive information has been resolved through enhanced data redaction in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20649 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20649.json"
}
],
"title": "CVE-2026-20649"
},
{
"cve": "CVE-2026-20650",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A denial-of-service vulnerability in Bluetooth packets has been addressed across multiple Apple operating systems, including iOS and macOS, allowing potential exploitation by attackers in privileged network positions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20650 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20650.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20650"
},
{
"cve": "CVE-2026-20652",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates to macOS, iOS, iPadOS, visionOS, and Safari have addressed a vulnerability related to improved memory handling that could enable remote attackers to execute denial-of-service attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20652 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20652.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20652"
},
{
"cve": "CVE-2026-20653",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "A parsing issue in directory path handling was resolved, enhancing path validation to prevent unauthorized access to sensitive user data across multiple macOS and iOS versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20653 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20653.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20653"
},
{
"cve": "CVE-2026-20654",
"notes": [
{
"category": "description",
"text": "The unexpected system termination issue caused by app behavior has been resolved through enhanced memory management in operating systems including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, all updated to version 26.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20654 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20654.json"
}
],
"title": "CVE-2026-20654"
},
{
"cve": "CVE-2026-20655",
"notes": [
{
"category": "description",
"text": "An authorization issue affecting iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20655 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20655.json"
}
],
"title": "CVE-2026-20655"
},
{
"cve": "CVE-2026-20656",
"notes": [
{
"category": "description",
"text": "A logic issue allowing app access to user Safari history has been resolved in iOS 18.7.5, iPadOS 18.7.5, Safari 26.3, and macOS Tahoe 26.3 through enhanced validation measures.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20656 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20656.json"
}
],
"title": "CVE-2026-20656"
},
{
"cve": "CVE-2026-20660",
"notes": [
{
"category": "description",
"text": "A path handling vulnerability in several Apple operating systems and Safari versions has been addressed, which previously allowed remote users to write arbitrary files.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20660 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20660.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20660"
},
{
"cve": "CVE-2026-20661",
"notes": [
{
"category": "description",
"text": "An authorization issue affecting iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20661 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20661.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20661"
},
{
"cve": "CVE-2026-20663",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "description",
"text": "The issue of app enumeration of installed applications was addressed in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through the implementation of sanitized logging.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20663 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20663.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20663"
},
{
"cve": "CVE-2026-20667",
"notes": [
{
"category": "description",
"text": "A logic issue that could allow an app to escape its sandbox has been resolved in multiple OS updates, including watchOS 26.3 and iOS 26.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20667 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20667.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20667"
},
{
"cve": "CVE-2026-20671",
"notes": [
{
"category": "description",
"text": "A logic issue allowing network traffic interception by an attacker in a privileged position has been resolved across multiple Apple operating systems, including watchOS, tvOS, macOS, iOS, and visionOS.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20671 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20671.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20671"
},
{
"cve": "CVE-2026-20673",
"notes": [
{
"category": "description",
"text": "A logic issue was resolved in multiple macOS and iOS versions, with a note that disabling \u0027Load remote content in messages\u0027 may not influence all mail previews.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20673 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20673.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20673"
},
{
"cve": "CVE-2026-20674",
"notes": [
{
"category": "description",
"text": "iOS 26.3 and iPadOS 26.3 resolved a privacy issue by eliminating sensitive data that could be accessed by an attacker with physical access to a locked device.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20674 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20674.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20674"
},
{
"cve": "CVE-2026-20675",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Recent updates across various operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS, have addressed user information disclosure vulnerabilities related to malicious image processing through enhanced bounds checks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20675 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20675.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20675"
},
{
"cve": "CVE-2026-20676",
"notes": [
{
"category": "description",
"text": "The recent updates in iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have resolved user tracking issues through Safari web extensions by enhancing state management.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20676 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20676.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20676"
},
{
"cve": "CVE-2026-20677",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "description",
"text": "A race condition in multiple Apple operating systems was resolved, which could have allowed shortcuts to bypass sandbox restrictions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20677 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20677.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20677"
},
{
"cve": "CVE-2026-20678",
"notes": [
{
"category": "description",
"text": "An authorization issue allowing potential access to sensitive user data has been resolved in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through improved state management.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20678 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20678.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20678"
},
{
"cve": "CVE-2026-20680",
"notes": [
{
"category": "description",
"text": "Recent updates in macOS Tahoe 26.3 and iOS 18.7.5 have introduced additional restrictions to prevent sandboxed apps from accessing sensitive user data.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20680 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20680.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20680"
},
{
"cve": "CVE-2026-20682",
"notes": [
{
"category": "description",
"text": "A logic issue in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 was resolved, which previously allowed unauthorized access to deleted user notes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20682 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20682.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20682"
},
{
"cve": "CVE-2026-20700",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "description",
"text": "Multiple Apple operating systems have been affected by memory corruption vulnerabilities that could allow arbitrary code execution, with fixes implemented in version 26.3 and reports of exploitation in earlier iOS versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-20700 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20700.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2"
]
}
],
"title": "CVE-2026-20700"
}
]
}
RHSA-2026:10702
Vulnerability from csaf_redhat - Published: 2026-04-27 02:00 - Updated: 2026-05-20 09:02Summary
Red Hat Security Advisory: webkit2gtk3 security update
Severity
Important
Notes
Topic: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)
* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)
* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)
* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)
* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)
* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)
* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)
* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application.
6.5 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy.
5.4 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A remote attacker may be able to cause a denial-of-service due to improper memory handling.
7.5 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management.
5.4 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management.
4.3 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user.
4.3 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack.
4.3 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
95 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)\n\n* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)\n\n* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)\n\n* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)\n\n* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)\n\n* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)\n\n* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)\n\n* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)\n\n* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:10702",
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2448781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448781"
},
{
"category": "external",
"summary": "2448782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448782"
},
{
"category": "external",
"summary": "2448786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448786"
},
{
"category": "external",
"summary": "2448787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448787"
},
{
"category": "external",
"summary": "2448788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448788"
},
{
"category": "external",
"summary": "2448789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448789"
},
{
"category": "external",
"summary": "2448790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448790"
},
{
"category": "external",
"summary": "2448791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448791"
},
{
"category": "external",
"summary": "2448792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448792"
},
{
"category": "external",
"summary": "2448793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448793"
},
{
"category": "external",
"summary": "2448794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448794"
},
{
"category": "external",
"summary": "2453000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453000"
},
{
"category": "external",
"summary": "2453001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453001"
},
{
"category": "external",
"summary": "2453002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453002"
},
{
"category": "external",
"summary": "2453003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453003"
},
{
"category": "external",
"summary": "2453004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453004"
},
{
"category": "external",
"summary": "2453006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453006"
},
{
"category": "external",
"summary": "2453008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453008"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_10702.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2026-05-20T09:02:06+00:00",
"generator": {
"date": "2026-05-20T09:02:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:10702",
"initial_release_date": "2026-04-27T02:00:56+00:00",
"revision_history": [
{
"date": "2026-04-27T02:00:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-27T02:00:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-20T09:02:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el8_10.src",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el8_10.src",
"product_id": "webkit2gtk3-0:2.52.3-1.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"product_id": "webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"product_id": "webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el8_10.i686",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el8_10.i686",
"product_id": "webkit2gtk3-0:2.52.3-1.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"product_id": "webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"product_id": "webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-43213",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:07:22.054000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448781"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43213"
},
{
"category": "external",
"summary": "RHBZ#2448781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448781"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43213"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-27T02:00:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43214",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:09:29.354000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43214"
},
{
"category": "external",
"summary": "RHBZ#2448782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43214"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-27T02:00:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43457",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-03-18T20:13:39.977000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448786"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43457"
},
{
"category": "external",
"summary": "RHBZ#2448786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448786"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43457"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43457",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43457"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-27T02:00:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43511",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-03-18T20:14:54.262000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43511"
},
{
"category": "external",
"summary": "RHBZ#2448787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43511",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43511"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43511"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-27T02:00:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2025-46299",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"discovery_date": "2026-03-18T20:16:02.414000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may disclose internal states of the app",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-46299"
},
{
"category": "external",
"summary": "RHBZ#2448788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-46299",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46299"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46299",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46299"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-27T02:00:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may disclose internal states of the app"
},
{
"cve": "CVE-2026-20608",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:17:02.437000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20608"
},
{
"category": "external",
"summary": "RHBZ#2448789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20608",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20608"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20608",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20608"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-27T02:00:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20635",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:18:01.074000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448790"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20635"
},
{
"category": "external",
"summary": "RHBZ#2448790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448790"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20635",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20635"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-27T02:00:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20636",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:19:05.331000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448791"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20636"
},
{
"category": "external",
"summary": "RHBZ#2448791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20636"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-27T02:00:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20643",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"discovery_date": "2026-03-30T12:26:44.043000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20643"
},
{
"category": "external",
"summary": "RHBZ#2453000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20643",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20643"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-27T02:00:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy"
},
{
"cve": "CVE-2026-20644",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:20:25.753000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448792"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20644"
},
{
"category": "external",
"summary": "RHBZ#2448792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448792"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20644"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20644",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20644"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-27T02:00:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20652",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:21:51.189000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A remote attacker may be able to cause a denial-of-service due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A remote attacker may be able to cause a denial-of-service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue allows a remote attacker to cause a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20652"
},
{
"category": "external",
"summary": "RHBZ#2448793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20652",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20652"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20652",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20652"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-27T02:00:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: A remote attacker may be able to cause a denial-of-service"
},
{
"cve": "CVE-2026-20664",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:29:28.691000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453001"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20664"
},
{
"category": "external",
"summary": "RHBZ#2453001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20664",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20664"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-27T02:00:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20665",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"discovery_date": "2026-03-30T12:31:00.597000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453002"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20665"
},
{
"category": "external",
"summary": "RHBZ#2453002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20665",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20665"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20665",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20665"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-27T02:00:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced"
},
{
"cve": "CVE-2026-20676",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-03-18T20:22:50.858000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448794"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A website may be able to track users through Safari web extensions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a malicious website. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20676"
},
{
"category": "external",
"summary": "RHBZ#2448794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448794"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20676"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-27T02:00:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"category": "workaround",
"details": "Do not visit untrusted websites. Also, do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A website may be able to track users through Safari web extensions"
},
{
"cve": "CVE-2026-20691",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"discovery_date": "2026-03-30T12:32:51.727000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453003"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20691"
},
{
"category": "external",
"summary": "RHBZ#2453003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20691"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20691",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20691"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-27T02:00:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user"
},
{
"cve": "CVE-2026-28857",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:34:50.919000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28857"
},
{
"category": "external",
"summary": "RHBZ#2453004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28857",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28857"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-27T02:00:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28859",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:36:23.943000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A malicious website may be able to process restricted web content outside the sandbox",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28859"
},
{
"category": "external",
"summary": "RHBZ#2453006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28859",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28859"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28859",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28859"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-27T02:00:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: A malicious website may be able to process restricted web content outside the sandbox"
},
{
"cve": "CVE-2026-28871",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-03-30T12:39:07.445000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453008"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28871"
},
{
"category": "external",
"summary": "RHBZ#2453008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28871"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-27T02:00:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10702"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack"
}
]
}
RHSA-2026:11329
Vulnerability from csaf_redhat - Published: 2026-04-28 07:40 - Updated: 2026-05-20 09:02Summary
Red Hat Security Advisory: webkit2gtk3 security update
Severity
Important
Notes
Topic: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)
* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)
* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)
* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)
* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)
* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)
* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)
* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application.
6.5 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy.
5.4 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A remote attacker may be able to cause a denial-of-service due to improper memory handling.
7.5 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management.
5.4 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management.
4.3 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user.
4.3 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack.
4.3 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
95 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)\n\n* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)\n\n* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)\n\n* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)\n\n* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)\n\n* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)\n\n* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)\n\n* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)\n\n* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:11329",
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2448781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448781"
},
{
"category": "external",
"summary": "2448782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448782"
},
{
"category": "external",
"summary": "2448786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448786"
},
{
"category": "external",
"summary": "2448787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448787"
},
{
"category": "external",
"summary": "2448788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448788"
},
{
"category": "external",
"summary": "2448789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448789"
},
{
"category": "external",
"summary": "2448790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448790"
},
{
"category": "external",
"summary": "2448791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448791"
},
{
"category": "external",
"summary": "2448792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448792"
},
{
"category": "external",
"summary": "2448793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448793"
},
{
"category": "external",
"summary": "2448794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448794"
},
{
"category": "external",
"summary": "2453000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453000"
},
{
"category": "external",
"summary": "2453001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453001"
},
{
"category": "external",
"summary": "2453002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453002"
},
{
"category": "external",
"summary": "2453003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453003"
},
{
"category": "external",
"summary": "2453004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453004"
},
{
"category": "external",
"summary": "2453006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453006"
},
{
"category": "external",
"summary": "2453008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453008"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_11329.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2026-05-20T09:02:10+00:00",
"generator": {
"date": "2026-05-20T09:02:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:11329",
"initial_release_date": "2026-04-28T07:40:56+00:00",
"revision_history": [
{
"date": "2026-04-28T07:40:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-28T07:40:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-20T09:02:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el9_6.src",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el9_6.src",
"product_id": "webkit2gtk3-0:2.52.3-1.el9_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el9_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"product_id": "webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el9_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"product_id": "webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el9_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el9_6.i686",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el9_6.i686",
"product_id": "webkit2gtk3-0:2.52.3-1.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el9_6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"product_id": "webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el9_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"product_id": "webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el9_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el9_6.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el9_6.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-43213",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:07:22.054000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448781"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43213"
},
{
"category": "external",
"summary": "RHBZ#2448781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448781"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43213"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:40:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43214",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:09:29.354000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43214"
},
{
"category": "external",
"summary": "RHBZ#2448782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43214"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:40:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43457",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-03-18T20:13:39.977000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448786"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43457"
},
{
"category": "external",
"summary": "RHBZ#2448786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448786"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43457"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43457",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43457"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:40:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43511",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-03-18T20:14:54.262000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43511"
},
{
"category": "external",
"summary": "RHBZ#2448787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43511",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43511"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43511"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:40:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2025-46299",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"discovery_date": "2026-03-18T20:16:02.414000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may disclose internal states of the app",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-46299"
},
{
"category": "external",
"summary": "RHBZ#2448788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-46299",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46299"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46299",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46299"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:40:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may disclose internal states of the app"
},
{
"cve": "CVE-2026-20608",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:17:02.437000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20608"
},
{
"category": "external",
"summary": "RHBZ#2448789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20608",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20608"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20608",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20608"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:40:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20635",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:18:01.074000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448790"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20635"
},
{
"category": "external",
"summary": "RHBZ#2448790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448790"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20635",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20635"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:40:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20636",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:19:05.331000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448791"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20636"
},
{
"category": "external",
"summary": "RHBZ#2448791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20636"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:40:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20643",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"discovery_date": "2026-03-30T12:26:44.043000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20643"
},
{
"category": "external",
"summary": "RHBZ#2453000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20643",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20643"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:40:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy"
},
{
"cve": "CVE-2026-20644",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:20:25.753000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448792"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20644"
},
{
"category": "external",
"summary": "RHBZ#2448792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448792"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20644"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20644",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20644"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:40:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20652",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:21:51.189000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A remote attacker may be able to cause a denial-of-service due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A remote attacker may be able to cause a denial-of-service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue allows a remote attacker to cause a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20652"
},
{
"category": "external",
"summary": "RHBZ#2448793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20652",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20652"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20652",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20652"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:40:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: A remote attacker may be able to cause a denial-of-service"
},
{
"cve": "CVE-2026-20664",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:29:28.691000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453001"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20664"
},
{
"category": "external",
"summary": "RHBZ#2453001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20664",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20664"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:40:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20665",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"discovery_date": "2026-03-30T12:31:00.597000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453002"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20665"
},
{
"category": "external",
"summary": "RHBZ#2453002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20665",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20665"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20665",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20665"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:40:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced"
},
{
"cve": "CVE-2026-20676",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-03-18T20:22:50.858000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448794"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A website may be able to track users through Safari web extensions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a malicious website. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20676"
},
{
"category": "external",
"summary": "RHBZ#2448794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448794"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20676"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:40:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"category": "workaround",
"details": "Do not visit untrusted websites. Also, do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A website may be able to track users through Safari web extensions"
},
{
"cve": "CVE-2026-20691",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"discovery_date": "2026-03-30T12:32:51.727000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453003"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20691"
},
{
"category": "external",
"summary": "RHBZ#2453003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20691"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20691",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20691"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:40:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user"
},
{
"cve": "CVE-2026-28857",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:34:50.919000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28857"
},
{
"category": "external",
"summary": "RHBZ#2453004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28857",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28857"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:40:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28859",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:36:23.943000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A malicious website may be able to process restricted web content outside the sandbox",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28859"
},
{
"category": "external",
"summary": "RHBZ#2453006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28859",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28859"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28859",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28859"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:40:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: A malicious website may be able to process restricted web content outside the sandbox"
},
{
"cve": "CVE-2026-28871",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-03-30T12:39:07.445000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453008"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28871"
},
{
"category": "external",
"summary": "RHBZ#2453008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28871"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-28T07:40:56+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11329"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.src",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_6.x86_64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.aarch64",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.i686",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.ppc64le",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.s390x",
"AppStream-9.6.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack"
}
]
}
RHSA-2026:11814
Vulnerability from csaf_redhat - Published: 2026-04-29 16:17 - Updated: 2026-05-20 09:02Summary
Red Hat Security Advisory: webkit2gtk3 security update
Severity
Important
Notes
Topic: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)
* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)
* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)
* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)
* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)
* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)
* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)
* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application.
6.5 (Medium)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management.
8.8 (High)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy.
5.4 (Medium)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A remote attacker may be able to cause a denial-of-service due to improper memory handling.
7.5 (High)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management.
5.4 (Medium)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management.
4.3 (Medium)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user.
4.3 (Medium)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling.
8.8 (High)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack.
4.3 (Medium)
Affected products
Fixed
47 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
95 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)\n\n* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)\n\n* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)\n\n* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)\n\n* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)\n\n* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)\n\n* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)\n\n* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)\n\n* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:11814",
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2448781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448781"
},
{
"category": "external",
"summary": "2448782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448782"
},
{
"category": "external",
"summary": "2448786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448786"
},
{
"category": "external",
"summary": "2448787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448787"
},
{
"category": "external",
"summary": "2448788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448788"
},
{
"category": "external",
"summary": "2448789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448789"
},
{
"category": "external",
"summary": "2448790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448790"
},
{
"category": "external",
"summary": "2448791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448791"
},
{
"category": "external",
"summary": "2448792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448792"
},
{
"category": "external",
"summary": "2448793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448793"
},
{
"category": "external",
"summary": "2448794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448794"
},
{
"category": "external",
"summary": "2453000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453000"
},
{
"category": "external",
"summary": "2453001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453001"
},
{
"category": "external",
"summary": "2453002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453002"
},
{
"category": "external",
"summary": "2453003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453003"
},
{
"category": "external",
"summary": "2453004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453004"
},
{
"category": "external",
"summary": "2453006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453006"
},
{
"category": "external",
"summary": "2453008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453008"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_11814.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2026-05-20T09:02:14+00:00",
"generator": {
"date": "2026-05-20T09:02:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:11814",
"initial_release_date": "2026-04-29T16:17:30+00:00",
"revision_history": [
{
"date": "2026-04-29T16:17:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-29T16:17:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-20T09:02:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el8_8.src",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el8_8.src",
"product_id": "webkit2gtk3-0:2.52.3-1.el8_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el8_8.i686",
"product_id": "webkit2gtk3-0:2.52.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_8.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_8.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_8.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_8.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-43213",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:07:22.054000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448781"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43213"
},
{
"category": "external",
"summary": "RHBZ#2448781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448781"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43213"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T16:17:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43214",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:09:29.354000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43214"
},
{
"category": "external",
"summary": "RHBZ#2448782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43214"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T16:17:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43457",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-03-18T20:13:39.977000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448786"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43457"
},
{
"category": "external",
"summary": "RHBZ#2448786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448786"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43457"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43457",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43457"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T16:17:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43511",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-03-18T20:14:54.262000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43511"
},
{
"category": "external",
"summary": "RHBZ#2448787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43511",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43511"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43511"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T16:17:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2025-46299",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"discovery_date": "2026-03-18T20:16:02.414000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may disclose internal states of the app",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-46299"
},
{
"category": "external",
"summary": "RHBZ#2448788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-46299",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46299"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46299",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46299"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T16:17:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may disclose internal states of the app"
},
{
"cve": "CVE-2026-20608",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:17:02.437000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20608"
},
{
"category": "external",
"summary": "RHBZ#2448789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20608",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20608"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20608",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20608"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T16:17:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20635",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:18:01.074000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448790"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20635"
},
{
"category": "external",
"summary": "RHBZ#2448790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448790"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20635",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20635"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T16:17:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20636",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:19:05.331000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448791"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20636"
},
{
"category": "external",
"summary": "RHBZ#2448791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20636"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T16:17:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20643",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"discovery_date": "2026-03-30T12:26:44.043000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20643"
},
{
"category": "external",
"summary": "RHBZ#2453000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20643",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20643"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T16:17:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy"
},
{
"cve": "CVE-2026-20644",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:20:25.753000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448792"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20644"
},
{
"category": "external",
"summary": "RHBZ#2448792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448792"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20644"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20644",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20644"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T16:17:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20652",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:21:51.189000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A remote attacker may be able to cause a denial-of-service due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A remote attacker may be able to cause a denial-of-service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue allows a remote attacker to cause a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20652"
},
{
"category": "external",
"summary": "RHBZ#2448793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20652",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20652"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20652",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20652"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T16:17:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: A remote attacker may be able to cause a denial-of-service"
},
{
"cve": "CVE-2026-20664",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:29:28.691000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453001"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20664"
},
{
"category": "external",
"summary": "RHBZ#2453001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20664",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20664"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T16:17:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20665",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"discovery_date": "2026-03-30T12:31:00.597000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453002"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20665"
},
{
"category": "external",
"summary": "RHBZ#2453002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20665",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20665"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20665",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20665"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T16:17:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced"
},
{
"cve": "CVE-2026-20676",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-03-18T20:22:50.858000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448794"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A website may be able to track users through Safari web extensions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a malicious website. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20676"
},
{
"category": "external",
"summary": "RHBZ#2448794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448794"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20676"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T16:17:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"category": "workaround",
"details": "Do not visit untrusted websites. Also, do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A website may be able to track users through Safari web extensions"
},
{
"cve": "CVE-2026-20691",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"discovery_date": "2026-03-30T12:32:51.727000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453003"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20691"
},
{
"category": "external",
"summary": "RHBZ#2453003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20691"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20691",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20691"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T16:17:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user"
},
{
"cve": "CVE-2026-28857",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:34:50.919000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28857"
},
{
"category": "external",
"summary": "RHBZ#2453004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28857",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28857"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T16:17:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28859",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:36:23.943000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A malicious website may be able to process restricted web content outside the sandbox",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28859"
},
{
"category": "external",
"summary": "RHBZ#2453006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28859",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28859"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28859",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28859"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T16:17:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: A malicious website may be able to process restricted web content outside the sandbox"
},
{
"cve": "CVE-2026-28871",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-03-30T12:39:07.445000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453008"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28871"
},
{
"category": "external",
"summary": "RHBZ#2453008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28871"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T16:17:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11814"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.ppc64le",
"AppStream-8.8.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.src",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_8.x86_64",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.i686",
"AppStream-8.8.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack"
}
]
}
RHSA-2026:13845
Vulnerability from csaf_redhat - Published: 2026-05-05 18:15 - Updated: 2026-05-20 09:02Summary
Red Hat Security Advisory: webkit2gtk3 security update
Severity
Important
Notes
Topic: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)
* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)
* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)
* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)
* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)
* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)
* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)
* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application.
6.5 (Medium)
Affected products
Fixed
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management.
8.8 (High)
Affected products
Fixed
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy.
5.4 (Medium)
Affected products
Fixed
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A remote attacker may be able to cause a denial-of-service due to improper memory handling.
7.5 (High)
Affected products
Fixed
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management.
5.4 (Medium)
Affected products
Fixed
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management.
4.3 (Medium)
Affected products
Fixed
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user.
4.3 (Medium)
Affected products
Fixed
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling.
8.8 (High)
Affected products
Fixed
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack.
4.3 (Medium)
Affected products
Fixed
84 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
95 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)\n\n* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)\n\n* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)\n\n* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)\n\n* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)\n\n* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)\n\n* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)\n\n* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)\n\n* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:13845",
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2448781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448781"
},
{
"category": "external",
"summary": "2448782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448782"
},
{
"category": "external",
"summary": "2448786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448786"
},
{
"category": "external",
"summary": "2448787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448787"
},
{
"category": "external",
"summary": "2448788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448788"
},
{
"category": "external",
"summary": "2448789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448789"
},
{
"category": "external",
"summary": "2448790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448790"
},
{
"category": "external",
"summary": "2448791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448791"
},
{
"category": "external",
"summary": "2448792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448792"
},
{
"category": "external",
"summary": "2448793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448793"
},
{
"category": "external",
"summary": "2448794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448794"
},
{
"category": "external",
"summary": "2453000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453000"
},
{
"category": "external",
"summary": "2453001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453001"
},
{
"category": "external",
"summary": "2453002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453002"
},
{
"category": "external",
"summary": "2453003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453003"
},
{
"category": "external",
"summary": "2453004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453004"
},
{
"category": "external",
"summary": "2453006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453006"
},
{
"category": "external",
"summary": "2453008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453008"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_13845.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2026-05-20T09:02:18+00:00",
"generator": {
"date": "2026-05-20T09:02:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:13845",
"initial_release_date": "2026-05-05T18:15:28+00:00",
"revision_history": [
{
"date": "2026-05-05T18:15:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-05T18:15:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-20T09:02:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el8_6.src",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el8_6.src",
"product_id": "webkit2gtk3-0:2.52.3-1.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el8_6.i686",
"product_id": "webkit2gtk3-0:2.52.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_6.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-43213",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:07:22.054000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448781"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43213"
},
{
"category": "external",
"summary": "RHBZ#2448781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448781"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43213"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T18:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43214",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:09:29.354000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43214"
},
{
"category": "external",
"summary": "RHBZ#2448782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43214"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T18:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43457",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-03-18T20:13:39.977000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448786"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43457"
},
{
"category": "external",
"summary": "RHBZ#2448786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448786"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43457"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43457",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43457"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T18:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43511",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-03-18T20:14:54.262000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43511"
},
{
"category": "external",
"summary": "RHBZ#2448787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43511",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43511"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43511"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T18:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2025-46299",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"discovery_date": "2026-03-18T20:16:02.414000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may disclose internal states of the app",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-46299"
},
{
"category": "external",
"summary": "RHBZ#2448788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-46299",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46299"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46299",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46299"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T18:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may disclose internal states of the app"
},
{
"cve": "CVE-2026-20608",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:17:02.437000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20608"
},
{
"category": "external",
"summary": "RHBZ#2448789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20608",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20608"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20608",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20608"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T18:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20635",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:18:01.074000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448790"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20635"
},
{
"category": "external",
"summary": "RHBZ#2448790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448790"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20635",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20635"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T18:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20636",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:19:05.331000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448791"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20636"
},
{
"category": "external",
"summary": "RHBZ#2448791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20636"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T18:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20643",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"discovery_date": "2026-03-30T12:26:44.043000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20643"
},
{
"category": "external",
"summary": "RHBZ#2453000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20643",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20643"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T18:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy"
},
{
"cve": "CVE-2026-20644",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:20:25.753000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448792"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20644"
},
{
"category": "external",
"summary": "RHBZ#2448792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448792"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20644"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20644",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20644"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T18:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20652",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:21:51.189000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A remote attacker may be able to cause a denial-of-service due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A remote attacker may be able to cause a denial-of-service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue allows a remote attacker to cause a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20652"
},
{
"category": "external",
"summary": "RHBZ#2448793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20652",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20652"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20652",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20652"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T18:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: A remote attacker may be able to cause a denial-of-service"
},
{
"cve": "CVE-2026-20664",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:29:28.691000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453001"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20664"
},
{
"category": "external",
"summary": "RHBZ#2453001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20664",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20664"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T18:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20665",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"discovery_date": "2026-03-30T12:31:00.597000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453002"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20665"
},
{
"category": "external",
"summary": "RHBZ#2453002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20665",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20665"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20665",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20665"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T18:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced"
},
{
"cve": "CVE-2026-20676",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-03-18T20:22:50.858000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448794"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A website may be able to track users through Safari web extensions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a malicious website. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20676"
},
{
"category": "external",
"summary": "RHBZ#2448794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448794"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20676"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T18:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"category": "workaround",
"details": "Do not visit untrusted websites. Also, do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A website may be able to track users through Safari web extensions"
},
{
"cve": "CVE-2026-20691",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"discovery_date": "2026-03-30T12:32:51.727000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453003"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20691"
},
{
"category": "external",
"summary": "RHBZ#2453003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20691"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20691",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20691"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T18:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user"
},
{
"cve": "CVE-2026-28857",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:34:50.919000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28857"
},
{
"category": "external",
"summary": "RHBZ#2453004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28857",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28857"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T18:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28859",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:36:23.943000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A malicious website may be able to process restricted web content outside the sandbox",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28859"
},
{
"category": "external",
"summary": "RHBZ#2453006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28859",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28859"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28859",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28859"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T18:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: A malicious website may be able to process restricted web content outside the sandbox"
},
{
"cve": "CVE-2026-28871",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-03-30T12:39:07.445000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453008"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28871"
},
{
"category": "external",
"summary": "RHBZ#2453008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28871"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-05T18:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13845"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.aarch64",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.ppc64le",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.s390x",
"AppStream-8.6.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.src",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_6.x86_64",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.i686",
"AppStream-8.6.0.Z.TUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack"
}
]
}
RHSA-2026:14659
Vulnerability from csaf_redhat - Published: 2026-05-07 06:01 - Updated: 2026-05-20 09:02Summary
Red Hat Security Advisory: webkit2gtk3 security update
Severity
Important
Notes
Topic: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)
* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)
* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)
* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)
* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)
* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)
* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)
* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application.
6.5 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy.
5.4 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A remote attacker may be able to cause a denial-of-service due to improper memory handling.
7.5 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management.
5.4 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management.
4.3 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user.
4.3 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack.
4.3 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
95 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)\n\n* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)\n\n* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)\n\n* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)\n\n* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)\n\n* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)\n\n* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)\n\n* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)\n\n* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:14659",
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2448781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448781"
},
{
"category": "external",
"summary": "2448782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448782"
},
{
"category": "external",
"summary": "2448786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448786"
},
{
"category": "external",
"summary": "2448787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448787"
},
{
"category": "external",
"summary": "2448788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448788"
},
{
"category": "external",
"summary": "2448789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448789"
},
{
"category": "external",
"summary": "2448790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448790"
},
{
"category": "external",
"summary": "2448791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448791"
},
{
"category": "external",
"summary": "2448792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448792"
},
{
"category": "external",
"summary": "2448793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448793"
},
{
"category": "external",
"summary": "2448794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448794"
},
{
"category": "external",
"summary": "2453000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453000"
},
{
"category": "external",
"summary": "2453001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453001"
},
{
"category": "external",
"summary": "2453002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453002"
},
{
"category": "external",
"summary": "2453003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453003"
},
{
"category": "external",
"summary": "2453004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453004"
},
{
"category": "external",
"summary": "2453006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453006"
},
{
"category": "external",
"summary": "2453008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453008"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_14659.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2026-05-20T09:02:37+00:00",
"generator": {
"date": "2026-05-20T09:02:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:14659",
"initial_release_date": "2026-05-07T06:01:49+00:00",
"revision_history": [
{
"date": "2026-05-07T06:01:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-07T06:01:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-20T09:02:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el9_4.src",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el9_4.src",
"product_id": "webkit2gtk3-0:2.52.3-1.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el9_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"product_id": "webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el9_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"product_id": "webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el9_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el9_4.i686",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el9_4.i686",
"product_id": "webkit2gtk3-0:2.52.3-1.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el9_4?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"product_id": "webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el9_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"product_id": "webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el9_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el9_4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-43213",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:07:22.054000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448781"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43213"
},
{
"category": "external",
"summary": "RHBZ#2448781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448781"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43213"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T06:01:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43214",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:09:29.354000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43214"
},
{
"category": "external",
"summary": "RHBZ#2448782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43214"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T06:01:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43457",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-03-18T20:13:39.977000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448786"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43457"
},
{
"category": "external",
"summary": "RHBZ#2448786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448786"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43457"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43457",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43457"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T06:01:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43511",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-03-18T20:14:54.262000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43511"
},
{
"category": "external",
"summary": "RHBZ#2448787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43511",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43511"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43511"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T06:01:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2025-46299",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"discovery_date": "2026-03-18T20:16:02.414000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may disclose internal states of the app",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-46299"
},
{
"category": "external",
"summary": "RHBZ#2448788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-46299",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46299"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46299",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46299"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T06:01:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may disclose internal states of the app"
},
{
"cve": "CVE-2026-20608",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:17:02.437000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20608"
},
{
"category": "external",
"summary": "RHBZ#2448789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20608",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20608"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20608",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20608"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T06:01:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20635",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:18:01.074000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448790"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20635"
},
{
"category": "external",
"summary": "RHBZ#2448790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448790"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20635",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20635"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T06:01:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20636",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:19:05.331000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448791"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20636"
},
{
"category": "external",
"summary": "RHBZ#2448791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20636"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T06:01:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20643",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"discovery_date": "2026-03-30T12:26:44.043000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20643"
},
{
"category": "external",
"summary": "RHBZ#2453000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20643",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20643"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T06:01:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy"
},
{
"cve": "CVE-2026-20644",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:20:25.753000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448792"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20644"
},
{
"category": "external",
"summary": "RHBZ#2448792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448792"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20644"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20644",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20644"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T06:01:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20652",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:21:51.189000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A remote attacker may be able to cause a denial-of-service due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A remote attacker may be able to cause a denial-of-service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue allows a remote attacker to cause a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20652"
},
{
"category": "external",
"summary": "RHBZ#2448793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20652",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20652"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20652",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20652"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T06:01:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: A remote attacker may be able to cause a denial-of-service"
},
{
"cve": "CVE-2026-20664",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:29:28.691000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453001"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20664"
},
{
"category": "external",
"summary": "RHBZ#2453001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20664",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20664"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T06:01:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20665",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"discovery_date": "2026-03-30T12:31:00.597000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453002"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20665"
},
{
"category": "external",
"summary": "RHBZ#2453002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20665",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20665"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20665",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20665"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T06:01:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced"
},
{
"cve": "CVE-2026-20676",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-03-18T20:22:50.858000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448794"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A website may be able to track users through Safari web extensions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a malicious website. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20676"
},
{
"category": "external",
"summary": "RHBZ#2448794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448794"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20676"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T06:01:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"category": "workaround",
"details": "Do not visit untrusted websites. Also, do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A website may be able to track users through Safari web extensions"
},
{
"cve": "CVE-2026-20691",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"discovery_date": "2026-03-30T12:32:51.727000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453003"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20691"
},
{
"category": "external",
"summary": "RHBZ#2453003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20691"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20691",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20691"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T06:01:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user"
},
{
"cve": "CVE-2026-28857",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:34:50.919000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28857"
},
{
"category": "external",
"summary": "RHBZ#2453004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28857",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28857"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T06:01:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28859",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:36:23.943000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A malicious website may be able to process restricted web content outside the sandbox",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28859"
},
{
"category": "external",
"summary": "RHBZ#2453006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28859",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28859"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28859",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28859"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T06:01:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: A malicious website may be able to process restricted web content outside the sandbox"
},
{
"cve": "CVE-2026-28871",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-03-30T12:39:07.445000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453008"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28871"
},
{
"category": "external",
"summary": "RHBZ#2453008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28871"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-07T06:01:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:14659"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.src",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-debugsource-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_4.x86_64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.aarch64",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.i686",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.ppc64le",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.s390x",
"AppStream-9.4.0.Z.EUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack"
}
]
}
RHSA-2026:16056
Vulnerability from csaf_redhat - Published: 2026-05-11 18:45 - Updated: 2026-05-20 09:04Summary
Red Hat Security Advisory: webkit2gtk3 security update
Severity
Important
Notes
Topic: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)
* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)
* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)
* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)
* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)
* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)
* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)
* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application.
6.5 (Medium)
Affected products
Fixed
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management.
8.8 (High)
Affected products
Fixed
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy.
5.4 (Medium)
Affected products
Fixed
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A remote attacker may be able to cause a denial-of-service due to improper memory handling.
7.5 (High)
Affected products
Fixed
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management.
5.4 (Medium)
Affected products
Fixed
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management.
4.3 (Medium)
Affected products
Fixed
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user.
4.3 (Medium)
Affected products
Fixed
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling.
8.8 (High)
Affected products
Fixed
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack.
4.3 (Medium)
Affected products
Fixed
38 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
95 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)\n\n* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)\n\n* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)\n\n* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)\n\n* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)\n\n* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)\n\n* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)\n\n* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)\n\n* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16056",
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2448781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448781"
},
{
"category": "external",
"summary": "2448782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448782"
},
{
"category": "external",
"summary": "2448786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448786"
},
{
"category": "external",
"summary": "2448787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448787"
},
{
"category": "external",
"summary": "2448788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448788"
},
{
"category": "external",
"summary": "2448789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448789"
},
{
"category": "external",
"summary": "2448790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448790"
},
{
"category": "external",
"summary": "2448791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448791"
},
{
"category": "external",
"summary": "2448792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448792"
},
{
"category": "external",
"summary": "2448793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448793"
},
{
"category": "external",
"summary": "2448794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448794"
},
{
"category": "external",
"summary": "2453000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453000"
},
{
"category": "external",
"summary": "2453001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453001"
},
{
"category": "external",
"summary": "2453002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453002"
},
{
"category": "external",
"summary": "2453003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453003"
},
{
"category": "external",
"summary": "2453004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453004"
},
{
"category": "external",
"summary": "2453006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453006"
},
{
"category": "external",
"summary": "2453008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453008"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16056.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2026-05-20T09:04:52+00:00",
"generator": {
"date": "2026-05-20T09:04:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:16056",
"initial_release_date": "2026-05-11T18:45:01+00:00",
"revision_history": [
{
"date": "2026-05-11T18:45:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-11T18:45:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-20T09:04:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el8_4.src",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el8_4.src",
"product_id": "webkit2gtk3-0:2.52.3-1.el8_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el8_4.i686",
"product_id": "webkit2gtk3-0:2.52.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_4?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el8_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_4.src as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-43213",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:07:22.054000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448781"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43213"
},
{
"category": "external",
"summary": "RHBZ#2448781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448781"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43213"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:45:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43214",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:09:29.354000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43214"
},
{
"category": "external",
"summary": "RHBZ#2448782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43214"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:45:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43457",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-03-18T20:13:39.977000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448786"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43457"
},
{
"category": "external",
"summary": "RHBZ#2448786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448786"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43457"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43457",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43457"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:45:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43511",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-03-18T20:14:54.262000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43511"
},
{
"category": "external",
"summary": "RHBZ#2448787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43511",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43511"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43511"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:45:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2025-46299",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"discovery_date": "2026-03-18T20:16:02.414000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may disclose internal states of the app",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-46299"
},
{
"category": "external",
"summary": "RHBZ#2448788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-46299",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46299"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46299",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46299"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:45:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may disclose internal states of the app"
},
{
"cve": "CVE-2026-20608",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:17:02.437000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20608"
},
{
"category": "external",
"summary": "RHBZ#2448789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20608",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20608"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20608",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20608"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:45:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20635",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:18:01.074000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448790"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20635"
},
{
"category": "external",
"summary": "RHBZ#2448790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448790"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20635",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20635"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:45:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20636",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:19:05.331000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448791"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20636"
},
{
"category": "external",
"summary": "RHBZ#2448791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20636"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:45:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20643",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"discovery_date": "2026-03-30T12:26:44.043000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20643"
},
{
"category": "external",
"summary": "RHBZ#2453000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20643",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20643"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:45:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy"
},
{
"cve": "CVE-2026-20644",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:20:25.753000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448792"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20644"
},
{
"category": "external",
"summary": "RHBZ#2448792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448792"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20644"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20644",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20644"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:45:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20652",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:21:51.189000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A remote attacker may be able to cause a denial-of-service due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A remote attacker may be able to cause a denial-of-service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue allows a remote attacker to cause a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20652"
},
{
"category": "external",
"summary": "RHBZ#2448793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20652",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20652"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20652",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20652"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:45:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: A remote attacker may be able to cause a denial-of-service"
},
{
"cve": "CVE-2026-20664",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:29:28.691000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453001"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20664"
},
{
"category": "external",
"summary": "RHBZ#2453001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20664",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20664"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:45:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20665",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"discovery_date": "2026-03-30T12:31:00.597000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453002"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20665"
},
{
"category": "external",
"summary": "RHBZ#2453002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20665",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20665"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20665",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20665"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:45:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced"
},
{
"cve": "CVE-2026-20676",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-03-18T20:22:50.858000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448794"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A website may be able to track users through Safari web extensions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a malicious website. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20676"
},
{
"category": "external",
"summary": "RHBZ#2448794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448794"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20676"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:45:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"category": "workaround",
"details": "Do not visit untrusted websites. Also, do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A website may be able to track users through Safari web extensions"
},
{
"cve": "CVE-2026-20691",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"discovery_date": "2026-03-30T12:32:51.727000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453003"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20691"
},
{
"category": "external",
"summary": "RHBZ#2453003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20691"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20691",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20691"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:45:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user"
},
{
"cve": "CVE-2026-28857",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:34:50.919000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28857"
},
{
"category": "external",
"summary": "RHBZ#2453004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28857",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28857"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:45:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28859",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:36:23.943000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A malicious website may be able to process restricted web content outside the sandbox",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28859"
},
{
"category": "external",
"summary": "RHBZ#2453006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28859",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28859"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28859",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28859"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:45:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: A malicious website may be able to process restricted web content outside the sandbox"
},
{
"cve": "CVE-2026-28871",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-03-30T12:39:07.445000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453008"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28871"
},
{
"category": "external",
"summary": "RHBZ#2453008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28871"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T18:45:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16056"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.AUS:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-debugsource-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-0:2.52.3-1.el8_4.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack"
}
]
}
RHSA-2026:16695
Vulnerability from csaf_redhat - Published: 2026-05-13 02:03 - Updated: 2026-05-20 09:04Summary
Red Hat Security Advisory: webkit2gtk3 security update
Severity
Important
Notes
Topic: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)
* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)
* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)
* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)
* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)
* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)
* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)
* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application.
6.5 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy.
5.4 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A remote attacker may be able to cause a denial-of-service due to improper memory handling.
7.5 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management.
5.4 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management.
4.3 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user.
4.3 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling.
8.8 (High)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack.
4.3 (Medium)
Affected products
Fixed
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
95 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)\n\n* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)\n\n* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)\n\n* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)\n\n* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)\n\n* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)\n\n* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)\n\n* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)\n\n* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:16695",
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2448781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448781"
},
{
"category": "external",
"summary": "2448782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448782"
},
{
"category": "external",
"summary": "2448786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448786"
},
{
"category": "external",
"summary": "2448787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448787"
},
{
"category": "external",
"summary": "2448788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448788"
},
{
"category": "external",
"summary": "2448789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448789"
},
{
"category": "external",
"summary": "2448790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448790"
},
{
"category": "external",
"summary": "2448791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448791"
},
{
"category": "external",
"summary": "2448792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448792"
},
{
"category": "external",
"summary": "2448793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448793"
},
{
"category": "external",
"summary": "2448794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448794"
},
{
"category": "external",
"summary": "2453000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453000"
},
{
"category": "external",
"summary": "2453001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453001"
},
{
"category": "external",
"summary": "2453002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453002"
},
{
"category": "external",
"summary": "2453003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453003"
},
{
"category": "external",
"summary": "2453004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453004"
},
{
"category": "external",
"summary": "2453006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453006"
},
{
"category": "external",
"summary": "2453008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453008"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_16695.json"
}
],
"title": "Red Hat Security Advisory: webkit2gtk3 security update",
"tracking": {
"current_release_date": "2026-05-20T09:04:54+00:00",
"generator": {
"date": "2026-05-20T09:04:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:16695",
"initial_release_date": "2026-05-13T02:03:06+00:00",
"revision_history": [
{
"date": "2026-05-13T02:03:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-13T02:03:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-20T09:04:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el9_2.src",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el9_2.src",
"product_id": "webkit2gtk3-0:2.52.3-1.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"product_id": "webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el9_2.i686",
"product_id": "webkit2gtk3-0:2.52.3-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el9_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el9_2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"product_id": "webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"product_id": "webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3@2.52.3-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"product_id": "webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel@2.52.3-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"product_id": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc@2.52.3-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"product_id": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel@2.52.3-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"product_id": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debugsource@2.52.3-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"product_id": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-debuginfo@2.52.3-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"product_id": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-devel-debuginfo@2.52.3-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"product_id": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-debuginfo@2.52.3-1.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"product": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"product_id": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/webkit2gtk3-jsc-devel-debuginfo@2.52.3-1.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el9_2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-0:2.52.3-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
},
"product_reference": "webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-43213",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:07:22.054000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448781"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43213"
},
{
"category": "external",
"summary": "RHBZ#2448781",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448781"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43213"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-13T02:03:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43214",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:09:29.354000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448782"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43214"
},
{
"category": "external",
"summary": "RHBZ#2448782",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448782"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43214"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43214",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43214"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-13T02:03:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43457",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-03-18T20:13:39.977000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448786"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43457"
},
{
"category": "external",
"summary": "RHBZ#2448786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448786"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43457"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43457",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43457"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-13T02:03:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash"
},
{
"cve": "CVE-2025-43511",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2026-03-18T20:14:54.262000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-43511"
},
{
"category": "external",
"summary": "RHBZ#2448787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-43511",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43511"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-43511",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43511"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-13T02:03:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2025-46299",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"discovery_date": "2026-03-18T20:16:02.414000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448788"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a memory initialization issue due to improper memory handling and result in the disclosure of the internal states of the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may disclose internal states of the app",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-46299"
},
{
"category": "external",
"summary": "RHBZ#2448788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-46299",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46299"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-46299",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46299"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-13T02:03:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may disclose internal states of the app"
},
{
"cve": "CVE-2026-20608",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:17:02.437000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448789"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20608"
},
{
"category": "external",
"summary": "RHBZ#2448789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20608",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20608"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20608",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20608"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-13T02:03:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20635",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:18:01.074000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448790"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20635"
},
{
"category": "external",
"summary": "RHBZ#2448790",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448790"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20635",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20635"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-13T02:03:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20636",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:19:05.331000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448791"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20636"
},
{
"category": "external",
"summary": "RHBZ#2448791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20636"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-13T02:03:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20643",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"discovery_date": "2026-03-30T12:26:44.043000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20643"
},
{
"category": "external",
"summary": "RHBZ#2453000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20643",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20643"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-13T02:03:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy"
},
{
"cve": "CVE-2026-20644",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:20:25.753000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448792"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20644"
},
{
"category": "external",
"summary": "RHBZ#2448792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448792"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20644"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20644",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20644"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-13T02:03:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20652",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T20:21:51.189000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448793"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A remote attacker may be able to cause a denial-of-service due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A remote attacker may be able to cause a denial-of-service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue allows a remote attacker to cause a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20652"
},
{
"category": "external",
"summary": "RHBZ#2448793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20652",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20652"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20652",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20652"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-13T02:03:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: A remote attacker may be able to cause a denial-of-service"
},
{
"cve": "CVE-2026-20664",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:29:28.691000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453001"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20664"
},
{
"category": "external",
"summary": "RHBZ#2453001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20664",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20664"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20664",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20664"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-13T02:03:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-20665",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"discovery_date": "2026-03-30T12:31:00.597000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453002"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20665"
},
{
"category": "external",
"summary": "RHBZ#2453002",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20665",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20665"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20665",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20665"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-13T02:03:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced"
},
{
"cve": "CVE-2026-20676",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-03-18T20:22:50.858000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448794"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A website may be able to track users through Safari web extensions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a malicious website. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20676"
},
{
"category": "external",
"summary": "RHBZ#2448794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448794"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20676"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0001.html",
"url": "https://webkitgtk.org/security/WSA-2026-0001.html"
}
],
"release_date": "2026-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-13T02:03:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"category": "workaround",
"details": "Do not visit untrusted websites. Also, do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A website may be able to track users through Safari web extensions"
},
{
"cve": "CVE-2026-20691",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"discovery_date": "2026-03-30T12:32:51.727000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453003"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page can cause an authorization issue due to improper state management and may be able to fingerprint the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-20691"
},
{
"category": "external",
"summary": "RHBZ#2453003",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453003"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-20691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20691"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-20691",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20691"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-13T02:03:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: A maliciously crafted webpage may be able to fingerprint the user"
},
{
"cve": "CVE-2026-28857",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:34:50.919000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to trick a user into processing or loading malicious web content. Due to this reason, this flaw has been rated with an important severity.\nAdditionally, this issue can cause an unexpected process crash but the possibility of remote code execution is not discarded.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28857"
},
{
"category": "external",
"summary": "RHBZ#2453004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28857",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28857"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28857",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28857"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-13T02:03:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"category": "workaround",
"details": "Do not process or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash"
},
{
"cve": "CVE-2026-28859",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-30T12:36:23.943000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453006"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: A malicious website may be able to process restricted web content outside the sandbox",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28859"
},
{
"category": "external",
"summary": "RHBZ#2453006",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453006"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28859",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28859"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28859",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28859"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-13T02:03:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "webkitgtk: A malicious website may be able to process restricted web content outside the sandbox"
},
{
"cve": "CVE-2026-28871",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-03-30T12:39:07.445000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453008"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to trick a user into visiting a maliciously crafted web page. Due to this reason, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28871"
},
{
"category": "external",
"summary": "RHBZ#2453008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28871"
},
{
"category": "external",
"summary": "https://webkitgtk.org/security/WSA-2026-0002.html",
"url": "https://webkitgtk.org/security/WSA-2026-0002.html"
}
],
"release_date": "2026-03-28T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-13T02:03:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:16695"
},
{
"category": "workaround",
"details": "Do not visit untrusted web pages or load untrusted web content with WebKitGTK.\n\nIn Red Hat Enterprise Linux 7, the following packages require WebKitGTK4: evolution-data-server, glade, gnome-boxes, gnome-initial-setup, gnome-online-accounts, gnome-shell, shotwell, sushi and yelp.\n\nThis vulnerability can only be exploited when these packages are installed in the system and being used via a graphical interface to process untrusted web content, via GNOME for example. In gnome-shell, the vulnerability can be exploited by an attacker from the local network without user interaction.\n\nTo mitigate this vulnerability, consider removing these packages. Note that some of these packages are required by GNOME, removing them will also remove GNOME and other packages, breaking functionality. However, the server can still be used via the terminal interface.\n\nAdditionally, WebKitGTK3 is not required by any package. Therefore, it can be removed without consequences or break of functionality.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.src",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-debugsource-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-devel-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-debuginfo-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-0:2.52.3-1.el9_2.x86_64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.aarch64",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.i686",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.ppc64le",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.s390x",
"AppStream-9.2.0.Z.E4S:webkit2gtk3-jsc-devel-debuginfo-0:2.52.3-1.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…