[CLSA-2026:1782217586] webkit2gtk3: Fix of 16 CVEs
Type:
security
Severity:
Important
Release date:
2026-06-23 12:27:07 UTC
Description:
- Rebase to webkitgtk 2.52.4 to address WebKitGTK security advisory WSA-2026-0003 (16 CVEs). - Refresh libsoup2.patch for 2.52.4 library version triplet bumps (WEBKIT 21/8/21, JAVASCRIPTCORE 10/12/10 on API 4.1; WEBKIT 20/8/16, JAVASCRIPTCORE 8/12/7 on API 6.0). - Drop aarch64-build.patch — the upstream cherry-pick (Apple fix for WebKit bug 306638) is included in 2.52.4. - Add fix-system-malloc-llint-extractor.patch (upstream cherry-pick 314364@main, bugs.webkit.org/show_bug.cgi?id=316083) to gate bmalloc_CopyHeaders in LLIntSettingsExtractor/LLIntOffsetsExtractor dependencies on (NOT USE_SYSTEM_MALLOC). Without it, CMake configure fails on aarch64 because USE_64KB_PAGE_BLOCK=ON forces USE_SYSTEM_MALLOC=ON, which prevents the bmalloc subdirectory from being added and the bmalloc_CopyHeaders target from being created. - CVEs resolved by this rebase (WSA-2026-0003): CVE-2026-28847, CVE-2026-28883, CVE-2026-28901, CVE-2026-28902, CVE-2026-28903, CVE-2026-28904, CVE-2026-28905, CVE-2026-28907, CVE-2026-28942, CVE-2026-28946, CVE-2026-28947, CVE-2026-28953, CVE-2026-28955, CVE-2026-28958, CVE-2026-43658, CVE-2026-43660
Updated packages:
  • webkit2gtk3-2.52.4-1.el9.tuxcare.els9.x86_64.rpm
    sha:4670b59e20d4fd5e1495f7311f258c29118d8b18c85a2309d12d07a556e93aeb
  • webkit2gtk3-devel-2.52.4-1.el9.tuxcare.els9.x86_64.rpm
    sha:268d9f1761477b70e76aeefa4b7ce6308c59720555ccd108dabb1138a104c118
  • webkit2gtk3-jsc-2.52.4-1.el9.tuxcare.els9.x86_64.rpm
    sha:8cf6805859ca2be29f03417e9f109f8045eda5bce346f5329421eb72624f2637
  • webkit2gtk3-jsc-devel-2.52.4-1.el9.tuxcare.els9.x86_64.rpm
    sha:89ebc3eb7f75a90cb950f47b903b825183beec163e6a43796b24e6bd58294a7e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.