Release date:
2026-04-30 10:10:15 UTC
Description:
- Update to 2.50.6 to fix the following vulnerabilities (WSA-2026-0001):
- CVE-2025-43213: type confusion in JavaScriptCore (fixed in 2.50.5)
- CVE-2025-43214: out-of-bounds read in WebCore (fixed in 2.50.5)
- CVE-2025-43457: integer overflow in WebKit canvas rendering (fixed in 2.50.6)
- CVE-2025-43511: memory corruption in WebRTC (fixed in 2.50.5)
- CVE-2026-20608: use-after-free in WebKit DOM (fixed in 2.50.6)
- CVE-2026-20635: out-of-bounds access in JavaScriptCore (fixed in 2.50.6)
- CVE-2026-20636: type confusion in WebAssembly (fixed in 2.50.6)
- CVE-2026-20644: cross-origin issue in WebKit Storage (fixed in 2.50.6)
- CVE-2026-20652: memory corruption in MediaStream (fixed in 2.50.6)
- Disable %{gpgverify} step: upstream's signing key is DSA-1024 which
EL9 crypto-policies reject; keyring retained for manual verification
Updated packages:
-
webkit2gtk3-2.50.6-1.el9_6.tuxcare.els1.x86_64.rpm
sha:05f7aa71145adaf61015787d36e08dbdcfc9cc48388b38d2dd643e418b159205
-
webkit2gtk3-devel-2.50.6-1.el9_6.tuxcare.els1.x86_64.rpm
sha:bde2f9e4cdbf367e3e29eb0d33c4771282ef8ceea72bc0b4dd9cc6e26592f9e2
-
webkit2gtk3-jsc-2.50.6-1.el9_6.tuxcare.els1.x86_64.rpm
sha:b861b7c9018466eec966ca1b79af3f53925aa16e4b647bcec0121e04ca58020b
-
webkit2gtk3-jsc-devel-2.50.6-1.el9_6.tuxcare.els1.x86_64.rpm
sha:fe77468261f2b143a4998b710c1fb4c605d6b4f31e9f67a49002e644c706dbb9
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
