- What: Security update for webkit2gtk in Debian
- Impact: Addresses multiple vulnerabilities in the WebKitGTK web engine
[SECURITY] [DSA 6172-1] webkit2gtk security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6172-1] webkit2gtk security update
From: Alberto Garcia <berto@debian.org>
Date: Sat, 21 Mar 2026 11:11:23 +0000
Message-id: <ab582-KbcbBQ17EQ@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-------------------------------------------------------------------------
Debian Security Advisory DSA-6172-1                   security@debian.org
https://www.debian.org/security/                           Alberto Garcia
March 21, 2026                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package: webkit2gtk
CVE ID: CVE-2025-43214 CVE-2025-43457 CVE-2025-43511 CVE-2026-20608 CVE-2026-20635 CVE-2026-20636 CVE-2026-20644 CVE-2026-20652 CVE-2026-20676

The following vulnerabilities have been discovered in the WebKitGTK web engine:

CVE-2025-43214
shandikri discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2025-43457
Gary Kwong and Hossein Lotfi discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2025-43511
Lee Dong Ha discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2026-20608
HanQing and Nan Wang discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2026-20635
EntryHi discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2026-20636
EntryHi discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2026-20644
HanQing and Nan Wang discovered that processing maliciously crafted web content may lead to an unexpected process crash.

CVE-2026-20652
Nathaniel Oh discovered that a remote attacker may be able to cause a denial-of-service.

CVE-2026-20676
Tom Van Goethem discovered that a website may be able to track users through web extensions.

For the oldstable distribution (bookworm), these problems have been fixed in version 2.50.6-1~deb12u1.

For the stable distribution (trixie), these problems have been fixed in version 2.50.6-1~deb13u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org