Updated webkit2 packages fix security vulnerabilities
Publication date: 24 Mar 2026Modification date: 24 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-43457 , CVE-2026-20608 , CVE-2026-20635 , CVE-2026-20636 , CVE-2026-20644 , CVE-2026-20652 , CVE-2026-20676
Description
CVE-2025-43457 Processing maliciously crafted web content may lead to an
unexpected Safari crash. A use-after-free issue was addressed with improved
memory management.
CVE-2026-20608 Processing maliciously crafted web content may lead to an
unexpected process crash. This issue was addressed through improved state
management.
CVE-2026-20635 Processing maliciously crafted web content may lead to an
unexpected process crash. The issue was addressed with improved memory
handling.
CVE-2026-20636 Processing maliciously crafted web content may lead to an
unexpected process crash. The issue was addressed with improved memory
handling.
CVE-2026-20644 Processing maliciously crafted web content may lead to an
unexpected process crash. The issue was addressed with improved memory
handling.
CVE-2026-20652 A remote attacker may be able to cause a denial-of-service.
The issue was addressed with improved memory handling.
CVE-2026-20676 A website may be able to track users through Safari web
extensions. This issue was addressed through improved state management.
References
- https://bugs.mageia.org/show_bug.cgi?id=35228
- https://webkitgtk.org/2026/03/12/webkitgtk2.50.6-released.html
- https://webkitgtk.org/security/WSA-2026-0001.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43457
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20608
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20635
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20636
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20644
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20652
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20676
SRPMS
9/core
- webkit2-2.50.6-1.mga9