-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4414-1 [email protected]
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
December 18, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : webkit2gtk
Version : 2.50.4-1~deb11u1
CVE ID : CVE-2025-14174 CVE-2025-43501 CVE-2025-43529 CVE-2025-43531
CVE-2025-43535 CVE-2025-43536 CVE-2025-43541
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2025-14174
Apple and the Google Threat Analysis Group discovered that
processing maliciously crafted web content may lead to memory
corruption. Apple is aware of a report that this issue may have
been exploited in an extremely sophisticated attack against
specific targeted individuals on versions of iOS before iOS 26.
CVE-2025-43529 was also issued in response to this report.
CVE-2025-43501
Hossein Lotfi discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2025-43529
The Google Threat Analysis Group discovered that processing
maliciously crafted web content may lead to arbitrary code
execution. Apple is aware of a report that this issue may have
been exploited in an extremely sophisticated attack against
specific targeted individuals on versions of iOS before iOS 26.
CVE-2025-14174 was also issued in response to this report.
CVE-2025-43531
Phil Pizlo discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2025-43535
Google Big Sleep / Nan Wang discovered that processing maliciously
crafted web content may lead to an unexpected process crash.
CVE-2025-43536
Nan Wang discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2025-43541
Hossein Lotfi discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
For Debian 11 bullseye, these problems have been fixed in version
2.50.4-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmlEAj0ACgkQnUbEiOQ2
gwIAzRAAqAHPh8HB2upjh/TT/TOvhvt0qqv8zKuJDOio2pSCsIPbsm8WrK7skNCG
yh8pYm7NSKisz9OWZfakYIYbI1JXWlLGCTyB5DyyuXD3dBPmfBJI7Kz9EBc8csN/
rVeVpfocBQyQuXD341DNLyEMZqmAEbVDqjL/bbwUPXj2JFB6PM2yFgjFCsTM7oTe
RpIz8xzXZbM3PCkN4ub5utSCRAhqSM/6M8DdkqUhgW3v2DBDUNp5HDsYgoLdeT5q
AxOg0Sqf6HAxmg0PuBcldWsyYhdEAzAw9/yHGNkei6da13QZJlf2fPz7egfdggkp
aoft6PsyHvl6SDNuLSbDo3T9sVcm9A7HikX5yeean62ibjnqRi/Axhy/xJr3ZWPZ
UIm/8iBR2SWj2xtT1WReAZnJN2epACY107rJA/esFdG+r1tEYyTORBm60Af+g24a
c25/9fFcja9V1V15e0tm9eGosNRBitg/jCSCGYEzLNdua53rOKtXZ0Nqy5CtYYf/
KR4bl7ry41mH3Ay3WIoCNzOcoIjqhOT+FsSC9apMxlH1WDoTi8RCYoOKSOKQ0OXI
utMMn8GVDH/5SwBEgzUtWiDgllxdzp9Z64VH7z/ZNyAX2FqKrHjZ1Du7Gi4lpx1q
yDAQLHduZZASQ9HTEsO31TSvXg3eNwfaL9YfKNlpFehQGONizQ8=
=SM+e
-----END PGP SIGNATURE-----
