ALAS2-2025-2925

Amazon Linux 2 Security Advisory: ALAS2-2025-2925
Advisory Released Date: 2025-07-10
Advisory Updated Date: 2025-07-10

Severity: Important

References: CVE-2025-31204 CVE-2025-31205 CVE-2025-31206 CVE-2025-31215 CVE-2025-31257
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption. (CVE-2025-31204)

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin. (CVE-2025-31205)

A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. (CVE-2025-31206)

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected process crash. (CVE-2025-31215)

This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. (CVE-2025-31257)

Affected Packages:

webkitgtk4

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update webkitgtk4 to update your system.

New Packages:

aarch64:
    webkitgtk4-2.46.6-1.amzn2.0.3.aarch64
    webkitgtk4-devel-2.46.6-1.amzn2.0.3.aarch64
    webkitgtk4-jsc-2.46.6-1.amzn2.0.3.aarch64
    webkitgtk4-jsc-devel-2.46.6-1.amzn2.0.3.aarch64
    webkitgtk4-debuginfo-2.46.6-1.amzn2.0.3.aarch64

i686:
    webkitgtk4-2.46.6-1.amzn2.0.3.i686
    webkitgtk4-devel-2.46.6-1.amzn2.0.3.i686
    webkitgtk4-jsc-2.46.6-1.amzn2.0.3.i686
    webkitgtk4-jsc-devel-2.46.6-1.amzn2.0.3.i686
    webkitgtk4-debuginfo-2.46.6-1.amzn2.0.3.i686

src:
    webkitgtk4-2.46.6-1.amzn2.0.3.src

x86_64:
    webkitgtk4-2.46.6-1.amzn2.0.3.x86_64
    webkitgtk4-devel-2.46.6-1.amzn2.0.3.x86_64
    webkitgtk4-jsc-2.46.6-1.amzn2.0.3.x86_64
    webkitgtk4-jsc-devel-2.46.6-1.amzn2.0.3.x86_64
    webkitgtk4-debuginfo-2.46.6-1.amzn2.0.3.x86_64

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2025-31204, CVE-2025-31205, CVE-2025-31206, CVE-2025-31215, CVE-2025-31257

Mitre: CVE-2025-31204, CVE-2025-31205, CVE-2025-31206, CVE-2025-31215, CVE-2025-31257