{ "document": { "aggregate_severity": { "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "Update to 2.44.4\n- CVE-2023-42950: fix a use after free issue\n- CVE-2024-27851: fix processing maliciously crafted web content may lead to arbitrary code execution\n- CVE-2024-27820: fix processing web content may lead to arbitrary code execution\n- CVE-2024-4558: fix use after free in ANGLE", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2025/clsa-2025_1751894976.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" } ], "tracking": { "current_release_date": "2026-04-30T01:04:14Z", "generator": { "date": "2026-04-30T01:04:14Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1751894976", "initial_release_date": "2025-07-07T13:32:21Z", "revision_history": [ { "date": "2025-07-07T13:32:21Z", "number": "1", "summary": "Initial version" }, { "date": "2026-02-16T09:28:45Z", "number": "2", "summary": "Update document" }, { "date": "2026-04-29T15:08:42Z", "number": "3", "summary": "Update document" }, { "date": "2026-04-30T01:04:14Z", "number": "4", "summary": "Update document" } ], "status": "final", "version": "4" }, "title": "webkit2gtk3: Fix of 4 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.2", "product": { "name": "AlmaLinux 9.2", "product_id": "AlmaLinux-9.2", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "product": { "name": "webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "product_id": "webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3-jsc@2.44.4-1.el9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "product": { "name": "webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "product_id": "webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3-devel@2.44.4-1.el9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "product": { "name": "webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "product_id": "webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3-jsc-devel@2.44.4-1.el9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "product": { "name": "webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "product_id": "webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3@2.44.4-1.el9.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "product": { "name": "webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "product_id": "webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3@2.38.5-1.el9.3.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "product": { "name": "webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "product_id": "webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3-jsc@2.38.5-1.el9.3.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "product": { "name": "webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "product_id": "webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3-jsc-devel@2.38.5-1.el9.3.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "product": { "name": "webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "product_id": "webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3-devel@2.38.5-1.el9.3.tuxcare.els1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "product": { "name": "webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "product_id": "webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3@2.38.5-1.el9.3.tuxcare.els1?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "product": { "name": "webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "product_id": "webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3-jsc@2.38.5-1.el9.3.tuxcare.els1?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "product": { "name": "webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "product_id": "webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3-jsc-devel@2.38.5-1.el9.3.tuxcare.els1?arch=i686" } } }, { "category": "product_version", "name": "webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "product": { "name": "webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "product_id": "webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/webkit2gtk3-devel@2.38.5-1.el9.3.tuxcare.els1?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686" }, "product_reference": "webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686" }, "product_reference": "webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686" }, "product_reference": "webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" }, "product_reference": "webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686" }, "product_reference": "webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "relates_to_product_reference": "AlmaLinux-9.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-42852", "notes": [ { "category": "description", "text": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-42852" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2023/Oct/19", "url": "http://seclists.org/fulldisclosure/2023/Oct/19" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2023/Oct/22", "url": "http://seclists.org/fulldisclosure/2023/Oct/22" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2023/Oct/23", "url": "http://seclists.org/fulldisclosure/2023/Oct/23" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2023/Oct/24", "url": "http://seclists.org/fulldisclosure/2023/Oct/24" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2023/Oct/25", "url": "http://seclists.org/fulldisclosure/2023/Oct/25" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2023/Oct/27", "url": "http://seclists.org/fulldisclosure/2023/Oct/27" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/11/15/1", "url": "http://www.openwall.com/lists/oss-security/2023/11/15/1" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPPMOWFYZODONTA3RLZOKSGNR4DELGG2/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S3O7ITSBZDHLBM5OG22K6RZAHRRTGECM/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTCZGQPRDAOPP6NK4CIDJKIPMBWD5J7K/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202401-33", "url": "https://security.gentoo.org/glsa/202401-33" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213981", "url": "https://support.apple.com/en-us/HT213981" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213982", "url": "https://support.apple.com/en-us/HT213982" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213984", "url": "https://support.apple.com/en-us/HT213984" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213986", "url": "https://support.apple.com/en-us/HT213986" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213987", "url": "https://support.apple.com/en-us/HT213987" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213988", "url": "https://support.apple.com/en-us/HT213988" }, { "category": "external", "summary": "https://support.apple.com/kb/HT213984", "url": "https://support.apple.com/kb/HT213984" }, { "category": "external", "summary": "https://www.debian.org/security/2023/dsa-5557", "url": "https://www.debian.org/security/2023/dsa-5557" } ], "release_date": "2023-10-25T19:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-38595", "notes": [ { "category": "description", "text": "The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-38595" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/08/02/1", "url": "http://www.openwall.com/lists/oss-security/2023/08/02/1" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202401-04", "url": "https://security.gentoo.org/glsa/202401-04" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213841", "url": "https://support.apple.com/en-us/HT213841" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213843", "url": "https://support.apple.com/en-us/HT213843" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213846", "url": "https://support.apple.com/en-us/HT213846" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213847", "url": "https://support.apple.com/en-us/HT213847" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213848", "url": "https://support.apple.com/en-us/HT213848" }, { "category": "external", "summary": "https://www.debian.org/security/2023/dsa-5468", "url": "https://www.debian.org/security/2023/dsa-5468" } ], "release_date": "2023-07-27T01:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-42875", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-42875" } ], "release_date": "2025-05-15T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-40414", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-40414" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/02/05/8", "url": "http://www.openwall.com/lists/oss-security/2024/02/05/8" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213936", "url": "https://support.apple.com/en-us/HT213936" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213937", "url": "https://support.apple.com/en-us/HT213937" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213938", "url": "https://support.apple.com/en-us/HT213938" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213940", "url": "https://support.apple.com/en-us/HT213940" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213941", "url": "https://support.apple.com/en-us/HT213941" } ], "release_date": "2024-01-10T22:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2023-38592", "notes": [ { "category": "description", "text": "A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-38592" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/08/02/1", "url": "http://www.openwall.com/lists/oss-security/2023/08/02/1" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202401-04", "url": "https://security.gentoo.org/glsa/202401-04" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213841", "url": "https://support.apple.com/en-us/HT213841" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213843", "url": "https://support.apple.com/en-us/HT213843" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213846", "url": "https://support.apple.com/en-us/HT213846" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213848", "url": "https://support.apple.com/en-us/HT213848" }, { "category": "external", "summary": "https://www.debian.org/security/2023/dsa-5468", "url": "https://www.debian.org/security/2023/dsa-5468" } ], "release_date": "2023-07-28T05:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-38594", "notes": [ { "category": "description", "text": "The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-38594" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/08/02/1", "url": "http://www.openwall.com/lists/oss-security/2023/08/02/1" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202401-04", "url": "https://security.gentoo.org/glsa/202401-04" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213841", "url": "https://support.apple.com/en-us/HT213841" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213842", "url": "https://support.apple.com/en-us/HT213842" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213843", "url": "https://support.apple.com/en-us/HT213843" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213846", "url": "https://support.apple.com/en-us/HT213846" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213847", "url": "https://support.apple.com/en-us/HT213847" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213848", "url": "https://support.apple.com/en-us/HT213848" }, { "category": "external", "summary": "https://www.debian.org/security/2023/dsa-5468", "url": "https://www.debian.org/security/2023/dsa-5468" } ], "release_date": "2023-07-27T00:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-40397", "notes": [ { "category": "description", "text": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-40397" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/09/11/1", "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202401-04", "url": "https://security.gentoo.org/glsa/202401-04" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213843", "url": "https://support.apple.com/en-us/HT213843" } ], "release_date": "2023-09-06T21:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2023-32393", "notes": [ { "category": "description", "text": "The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-32393" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202401-04", "url": "https://security.gentoo.org/glsa/202401-04" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213599", "url": "https://support.apple.com/en-us/HT213599" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213601", "url": "https://support.apple.com/en-us/HT213601" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213605", "url": "https://support.apple.com/en-us/HT213605" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213606", "url": "https://support.apple.com/en-us/HT213606" } ], "release_date": "2023-07-27T01:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-38597", "notes": [ { "category": "description", "text": "The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-38597" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/08/02/1", "url": "http://www.openwall.com/lists/oss-security/2023/08/02/1" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202401-04", "url": "https://security.gentoo.org/glsa/202401-04" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213841", "url": "https://support.apple.com/en-us/HT213841" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213842", "url": "https://support.apple.com/en-us/HT213842" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213843", "url": "https://support.apple.com/en-us/HT213843" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213847", "url": "https://support.apple.com/en-us/HT213847" }, { "category": "external", "summary": "https://www.debian.org/security/2023/dsa-5468", "url": "https://www.debian.org/security/2023/dsa-5468" } ], "release_date": "2023-07-27T00:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-32359", "notes": [ { "category": "description", "text": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-32359" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2023/Oct/23", "url": "http://seclists.org/fulldisclosure/2023/Oct/23" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/11/15/1", "url": "http://www.openwall.com/lists/oss-security/2023/11/15/1" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202401-33", "url": "https://security.gentoo.org/glsa/202401-33" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213981", "url": "https://support.apple.com/en-us/HT213981" } ], "release_date": "2023-10-25T19:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-38600", "notes": [ { "category": "description", "text": "The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-38600" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/08/02/1", "url": "http://www.openwall.com/lists/oss-security/2023/08/02/1" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202401-04", "url": "https://security.gentoo.org/glsa/202401-04" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213841", "url": "https://support.apple.com/en-us/HT213841" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213843", "url": "https://support.apple.com/en-us/HT213843" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213846", "url": "https://support.apple.com/en-us/HT213846" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213847", "url": "https://support.apple.com/en-us/HT213847" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213848", "url": "https://support.apple.com/en-us/HT213848" }, { "category": "external", "summary": "https://www.debian.org/security/2023/dsa-5468", "url": "https://www.debian.org/security/2023/dsa-5468" } ], "release_date": "2023-07-27T01:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-32885", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content may lead to arbitrary code execution", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-32885" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213341", "url": "https://support.apple.com/en-us/HT213341" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213345", "url": "https://support.apple.com/en-us/HT213345" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213346", "url": "https://support.apple.com/en-us/HT213346" } ], "release_date": "2023-05-08T20:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-27851", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "The issue was addressed with improved bounds checks. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing maliciously crafted web content may lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-27851" }, { "category": "external", "summary": "https://support.apple.com/en-us/120896", "url": "https://support.apple.com/en-us/120896" }, { "category": "external", "summary": "https://support.apple.com/en-us/120901", "url": "https://support.apple.com/en-us/120901" }, { "category": "external", "summary": "https://support.apple.com/en-us/120902", "url": "https://support.apple.com/en-us/120902" }, { "category": "external", "summary": "https://support.apple.com/en-us/120903", "url": "https://support.apple.com/en-us/120903" }, { "category": "external", "summary": "https://support.apple.com/en-us/120905", "url": "https://support.apple.com/en-us/120905" }, { "category": "external", "summary": "https://support.apple.com/en-us/120906", "url": "https://support.apple.com/en-us/120906" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Jun/5", "url": "http://seclists.org/fulldisclosure/2024/Jun/5" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214101", "url": "https://support.apple.com/en-us/HT214101" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214102", "url": "https://support.apple.com/en-us/HT214102" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214103", "url": "https://support.apple.com/en-us/HT214103" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214104", "url": "https://support.apple.com/en-us/HT214104" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214106", "url": "https://support.apple.com/en-us/HT214106" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214108", "url": "https://support.apple.com/en-us/HT214108" }, { "category": "external", "summary": "https://support.apple.com/kb/HT214101", "url": "https://support.apple.com/kb/HT214101" }, { "category": "external", "summary": "https://support.apple.com/kb/HT214102", "url": "https://support.apple.com/kb/HT214102" }, { "category": "external", "summary": "https://support.apple.com/kb/HT214104", "url": "https://support.apple.com/kb/HT214104" }, { "category": "external", "summary": "https://support.apple.com/kb/HT214106", "url": "https://support.apple.com/kb/HT214106" }, { "category": "external", "summary": "https://support.apple.com/kb/HT214108", "url": "https://support.apple.com/kb/HT214108" } ], "release_date": "2024-06-10T21:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-27820", "notes": [ { "category": "description", "text": "The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content may lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-27820" }, { "category": "external", "summary": "https://support.apple.com/en-us/120896", "url": "https://support.apple.com/en-us/120896" }, { "category": "external", "summary": "https://support.apple.com/en-us/120898", "url": "https://support.apple.com/en-us/120898" }, { "category": "external", "summary": "https://support.apple.com/en-us/120901", "url": "https://support.apple.com/en-us/120901" }, { "category": "external", "summary": "https://support.apple.com/en-us/120902", "url": "https://support.apple.com/en-us/120902" }, { "category": "external", "summary": "https://support.apple.com/en-us/120903", "url": "https://support.apple.com/en-us/120903" }, { "category": "external", "summary": "https://support.apple.com/en-us/120905", "url": "https://support.apple.com/en-us/120905" }, { "category": "external", "summary": "https://support.apple.com/en-us/120906", "url": "https://support.apple.com/en-us/120906" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Jun/5", "url": "http://seclists.org/fulldisclosure/2024/Jun/5" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214100", "url": "https://support.apple.com/en-us/HT214100" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214101", "url": "https://support.apple.com/en-us/HT214101" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214102", "url": "https://support.apple.com/en-us/HT214102" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214103", "url": "https://support.apple.com/en-us/HT214103" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214104", "url": "https://support.apple.com/en-us/HT214104" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214106", "url": "https://support.apple.com/en-us/HT214106" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214108", "url": "https://support.apple.com/en-us/HT214108" }, { "category": "external", "summary": "https://support.apple.com/kb/HT214100", "url": "https://support.apple.com/kb/HT214100" }, { "category": "external", "summary": "https://support.apple.com/kb/HT214102", "url": "https://support.apple.com/kb/HT214102" }, { "category": "external", "summary": "https://support.apple.com/kb/HT214104", "url": "https://support.apple.com/kb/HT214104" }, { "category": "external", "summary": "https://support.apple.com/kb/HT214106", "url": "https://support.apple.com/kb/HT214106" }, { "category": "external", "summary": "https://support.apple.com/kb/HT214108", "url": "https://support.apple.com/kb/HT214108" } ], "release_date": "2024-06-10T21:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-39928", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-39928" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EEMDC5TQAANFH5D77QM34ZTUKXPFGVL/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202401-33", "url": "https://security.gentoo.org/glsa/202401-33" }, { "category": "external", "summary": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1831", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1831" }, { "category": "external", "summary": "https://webkitgtk.org/security/WSA-2023-0009.html", "url": "https://webkitgtk.org/security/WSA-2023-0009.html" }, { "category": "external", "summary": "https://www.debian.org/security/2023/dsa-5527", "url": "https://www.debian.org/security/2023/dsa-5527" }, { "category": "external", "summary": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1831", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1831" } ], "release_date": "2023-10-06T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-42917", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-42917" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2023/Dec/12", "url": "http://seclists.org/fulldisclosure/2023/Dec/12" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2023/Dec/13", "url": "http://seclists.org/fulldisclosure/2023/Dec/13" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2023/Dec/3", "url": "http://seclists.org/fulldisclosure/2023/Dec/3" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2023/Dec/4", "url": "http://seclists.org/fulldisclosure/2023/Dec/4" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2023/Dec/5", "url": "http://seclists.org/fulldisclosure/2023/Dec/5" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2023/Dec/8", "url": "http://seclists.org/fulldisclosure/2023/Dec/8" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Jan/35", "url": "http://seclists.org/fulldisclosure/2024/Jan/35" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/12/05/1", "url": "http://www.openwall.com/lists/oss-security/2023/12/05/1" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AD2KIHHCUBQC2YYH3FJWAHI5BG3QETOH/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P5LQS6VEI7VIZNC7QGQ62EOV45R5RJIR/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202401-04", "url": "https://security.gentoo.org/glsa/202401-04" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214031", "url": "https://support.apple.com/en-us/HT214031" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214032", "url": "https://support.apple.com/en-us/HT214032" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214033", "url": "https://support.apple.com/en-us/HT214033" }, { "category": "external", "summary": "https://support.apple.com/kb/HT214033", "url": "https://support.apple.com/kb/HT214033" }, { "category": "external", "summary": "https://support.apple.com/kb/HT214034", "url": "https://support.apple.com/kb/HT214034" }, { "category": "external", "summary": "https://support.apple.com/kb/HT214062", "url": "https://support.apple.com/kb/HT214062" }, { "category": "external", "summary": "https://www.debian.org/security/2023/dsa-5575", "url": "https://www.debian.org/security/2023/dsa-5575" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42917", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-42917" } ], "release_date": "2023-11-30T23:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-42950", "notes": [ { "category": "description", "text": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-42950" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/03/26/1", "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214035", "url": "https://support.apple.com/en-us/HT214035" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214036", "url": "https://support.apple.com/en-us/HT214036" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214039", "url": "https://support.apple.com/en-us/HT214039" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214040", "url": "https://support.apple.com/en-us/HT214040" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214041", "url": "https://support.apple.com/en-us/HT214041" }, { "category": "external", "summary": "https://support.apple.com/kb/HT214039", "url": "https://support.apple.com/kb/HT214039" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20241018-0009/", "url": "https://security.netapp.com/advisory/ntap-20241018-0009/" } ], "release_date": "2024-03-28T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-4558", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-4558" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Jul/15", "url": "http://seclists.org/fulldisclosure/2024/Jul/15" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Jul/16", "url": "http://seclists.org/fulldisclosure/2024/Jul/16" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2024/Jul/18", "url": "http://seclists.org/fulldisclosure/2024/Jul/18" }, { "category": "external", "summary": "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html", "url": "https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_7.html" }, { "category": "external", "summary": "https://issues.chromium.org/issues/337766133", "url": "https://issues.chromium.org/issues/337766133" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6G7EYH2JAK5OJPVNC6AXYQ5K7YGYNCDN/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BWFSZNNWSQYDRYKNLBDGEXXKMBXDYQ3F/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FAWEKDQTHPN7NFEMLIWP7YMIZ2DHF36N/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPETICRXUOGRIM4U3BCRTIKE3IZWCSBT/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LE3ASLH6QF2E5OVJI5VA3JSEPJFFFMNY/" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html", "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html" }, { "category": "external", "summary": "https://support.apple.com/kb/HT214117", "url": "https://support.apple.com/kb/HT214117" }, { "category": "external", "summary": "https://support.apple.com/kb/HT214119", "url": "https://support.apple.com/kb/HT214119" }, { "category": "external", "summary": "https://support.apple.com/kb/HT214121", "url": "https://support.apple.com/kb/HT214121" } ], "release_date": "2024-05-07T19:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.7, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2023-40451", "notes": [ { "category": "description", "text": "This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-40451" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2023/Oct/2", "url": "http://seclists.org/fulldisclosure/2023/Oct/2" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/09/28/3", "url": "http://www.openwall.com/lists/oss-security/2023/09/28/3" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202401-33", "url": "https://security.gentoo.org/glsa/202401-33" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213941", "url": "https://support.apple.com/en-us/HT213941" }, { "category": "external", "summary": "https://webkitgtk.org/security/WSA-2023-0009.html", "url": "https://webkitgtk.org/security/WSA-2023-0009.html" } ], "release_date": "2023-09-27T15:19:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-38611", "notes": [ { "category": "description", "text": "The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-38611" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/08/02/1", "url": "http://www.openwall.com/lists/oss-security/2023/08/02/1" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202401-04", "url": "https://security.gentoo.org/glsa/202401-04" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213841", "url": "https://support.apple.com/en-us/HT213841" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213843", "url": "https://support.apple.com/en-us/HT213843" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213846", "url": "https://support.apple.com/en-us/HT213846" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213847", "url": "https://support.apple.com/en-us/HT213847" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213848", "url": "https://support.apple.com/en-us/HT213848" }, { "category": "external", "summary": "https://www.debian.org/security/2023/dsa-5468", "url": "https://www.debian.org/security/2023/dsa-5468" } ], "release_date": "2023-07-27T01:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-42970", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-42970" } ], "release_date": "2025-05-15T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-28198", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-28198" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/09/11/1", "url": "http://www.openwall.com/lists/oss-security/2023/09/11/1" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202401-04", "url": "https://security.gentoo.org/glsa/202401-04" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213670", "url": "https://support.apple.com/en-us/HT213670" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213676", "url": "https://support.apple.com/en-us/HT213676" } ], "release_date": "2023-08-14T23:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-38572", "notes": [ { "category": "description", "text": "The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-38572" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/08/02/1", "url": "http://www.openwall.com/lists/oss-security/2023/08/02/1" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ4DG5LHWG2INDOTPB7MO4JVJN6LKL3M/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQXJYKTGLKI6TJEFJCKPHCNY7PS72OER/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202401-04", "url": "https://security.gentoo.org/glsa/202401-04" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213841", "url": "https://support.apple.com/en-us/HT213841" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213842", "url": "https://support.apple.com/en-us/HT213842" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213843", "url": "https://support.apple.com/en-us/HT213843" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213846", "url": "https://support.apple.com/en-us/HT213846" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213847", "url": "https://support.apple.com/en-us/HT213847" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT213848", "url": "https://support.apple.com/en-us/HT213848" }, { "category": "external", "summary": "https://www.debian.org/security/2023/dsa-5468", "url": "https://www.debian.org/security/2023/dsa-5468" } ], "release_date": "2023-07-27T01:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-42890", "notes": [ { "category": "description", "text": "The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "known_affected": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-42890" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2023/Dec/12", "url": "http://seclists.org/fulldisclosure/2023/Dec/12" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2023/Dec/13", "url": "http://seclists.org/fulldisclosure/2023/Dec/13" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2023/Dec/6", "url": "http://seclists.org/fulldisclosure/2023/Dec/6" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2023/Dec/7", "url": "http://seclists.org/fulldisclosure/2023/Dec/7" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2023/Dec/9", "url": "http://seclists.org/fulldisclosure/2023/Dec/9" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2023/12/18/1", "url": "http://www.openwall.com/lists/oss-security/2023/12/18/1" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202401-33", "url": "https://security.gentoo.org/glsa/202401-33" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214035", "url": "https://support.apple.com/en-us/HT214035" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214036", "url": "https://support.apple.com/en-us/HT214036" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214039", "url": "https://support.apple.com/en-us/HT214039" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214040", "url": "https://support.apple.com/en-us/HT214040" }, { "category": "external", "summary": "https://support.apple.com/en-us/HT214041", "url": "https://support.apple.com/en-us/HT214041" }, { "category": "external", "summary": "https://support.apple.com/kb/HT214039", "url": "https://support.apple.com/kb/HT214039" } ], "release_date": "2023-12-12T01:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-07-07T13:29:38Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1751894976" }, { "category": "none_available", "details": "Affected", "product_ids": [ "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.38.5-1.el9.3.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.i686", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.38.5-1.el9.3.tuxcare.els1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:webkit2gtk3-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-0:2.44.4-1.el9.tuxcare.els1.x86_64", "AlmaLinux-9.2:webkit2gtk3-jsc-devel-0:2.44.4-1.el9.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }