-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-6172-1 [email protected]
https://www.debian.org/security/ Alberto Garcia
March 21, 2026 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2025-43214 CVE-2025-43457 CVE-2025-43511 CVE-2026-20608
CVE-2026-20635 CVE-2026-20636 CVE-2026-20644 CVE-2026-20652
CVE-2026-20676
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2025-43214
shandikri discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2025-43457
Gary Kwong and Hossein Lotfi discovered that processing
maliciously crafted web content may lead to an unexpected process
crash.
CVE-2025-43511
Lee Dong Ha discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2026-20608
HanQing and Nan Wang discovered that processing maliciously
crafted web content may lead to an unexpected process crash.
CVE-2026-20635
EntryHi discovered that processing maliciously crafted web content
may lead to an unexpected process crash.
CVE-2026-20636
EntryHi discovered that processing maliciously crafted web content
may lead to an unexpected process crash.
CVE-2026-20644
HanQing and Nan Wang discovered that processing maliciously
crafted web content may lead to an unexpected process crash.
CVE-2026-20652
Nathaniel Oh discovered that a remote attacker may be able to
cause a denial-of-service.
CVE-2026-20676
Tom Van Goethem discovered that a website may be able to track
users through web extensions.
For the oldstable distribution (bookworm), these problems have been fixed
in version 2.50.6-1~deb12u1.
For the stable distribution (trixie), these problems have been fixed in
version 2.50.6-1~deb13u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmm+cVcACgkQAAyEYu0C
2AKCoQ//SylrhEmvavx0NjdeEleWEbbZRkejV/EUWc9VPT8g31euIAnpbBATUl80
/4MEPOoSdVMzsMhKns6/bCVI7DwgywjCEx5LGO4Ph5lHRe/5WwUiFUYGp+sshMp9
wO2vRbotgqaZuDlZ+Stg91RHWzXN8H8eBlTbEev5CJcrR319sden1haEVQu52bIZ
MCOtuWW1RSu7VUkXd8y4U9/7ClFxgPvA5wgqA5v8CiFcX8C/Nfo1l43l8mitr0wd
in4Hc1F5k9M2sEsoYCLBXggSlD0bzt67zhoWa7cZPng+Quzf5lYR/SBi/Pvp+xp8
d4M2KQlcoSGN8R3LpvPyBHjJCOZN145MrIRPLnJnaUNn535vQRXxDmg2wKaIMflF
8iB25AA/KdNBDtYPk816Dp087kn2uHKfu1IWC3VKB8GGbn5wkxZc79p/CUpfl5qS
yakXl7TztH+042wtOVnvY5kaa8D1egpxcaI1Am4ePgvqoMaEvwQDXwCxbK/MT9QV
4u8/WEyYZZ1KRZePvjInb3F3eo9T/CGrz8L0lSY3Rnvjed5IXTtr4JRxNqCx4bQz
sj+1iZqk1cswL4ZJVcJn3u4BAqAXcP4dST1Wd6XtJHGoAp05UklzrN4sdlbGKE/Q
xxbQ2Oy1YAFlBjuXP54KR2YSPBWWtSCf5DBqVHDbwysByi/flYg=
=AdCU
-----END PGP SIGNATURE-----
