SUSE-SU-2025:1325-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-20251325-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1325-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2025:1325-1
- Related
- Published
- 2025-04-16T08:36:20Z
- Modified
- 2025-05-02T04:37:03.306355Z
- Upstream
- Summary
- Security update for webkit2gtk3
- Details
-
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.48.1
- CVE-2024-54551: improper memory handling may lead to a denial-of-service when processing certain web content (bsc#1240962)
- CVE-2025-24208: permissions issue may lead to a cross-site scripting attack when loading a malicious iframe (bsc#1240961)
- CVE-2025-24209: buffer overflow may lead to crash when processing maliciously crafted web content (bsc#1240964)
- CVE-2025-24213: type confusion issue may lead to memory corruption (bsc#1240963)
- CVE-2025-24216: improper memory handling may lead to an unexpected crash when processing certain web content (bsc#1240986)
- CVE-2025-24264: improper memory handling may lead to unexpected crash when processing certain web content (bsc#1240987)
- CVE-2025-30427: use-after-free issue may lead to an unexpected Safari crash when processing maliciously crafted web content (bsc#1240958)
- CVE-2024-44192: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1239863)
- CVE-2024-54467: a malicious website may exfiltrate data cross-origin due to a cookie management issue (bsc#1239864)
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-20251325-1/
- https://bugzilla.suse.com/1239863
- https://bugzilla.suse.com/1239864
- https://bugzilla.suse.com/1240958
- https://bugzilla.suse.com/1240961
- https://bugzilla.suse.com/1240962
- https://bugzilla.suse.com/1240963
- https://bugzilla.suse.com/1240964
- https://bugzilla.suse.com/1240986
- https://bugzilla.suse.com/1240987
- https://www.suse.com/security/cve/CVE-2024-44192
- https://www.suse.com/security/cve/CVE-2024-54467
- https://www.suse.com/security/cve/CVE-2024-54551
- https://www.suse.com/security/cve/CVE-2025-24208
- https://www.suse.com/security/cve/CVE-2025-24209
- https://www.suse.com/security/cve/CVE-2025-24213
- https://www.suse.com/security/cve/CVE-2025-24216
- https://www.suse.com/security/cve/CVE-2025-24264
- https://www.suse.com/security/cve/CVE-2025-30427
Affected packages
SUSE:Linux Enterprise Server 12 SP5-LTSS / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.48.1-4.34.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-WebKit2-4_0": "2.48.1-4.34.1",
"typelib-1_0-JavaScriptCore-4_0": "2.48.1-4.34.1",
"libjavascriptcoregtk-4_0-18": "2.48.1-4.34.1",
"webkit2gtk-4_0-injected-bundles": "2.48.1-4.34.1",
"libwebkit2gtk-4_0-37": "2.48.1-4.34.1",
"libwebkit2gtk3-lang": "2.48.1-4.34.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.48.1-4.34.1",
"webkit2gtk3-devel": "2.48.1-4.34.1"
}
]
}
SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.48.1-4.34.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-WebKit2-4_0": "2.48.1-4.34.1",
"typelib-1_0-JavaScriptCore-4_0": "2.48.1-4.34.1",
"libjavascriptcoregtk-4_0-18": "2.48.1-4.34.1",
"webkit2gtk-4_0-injected-bundles": "2.48.1-4.34.1",
"libwebkit2gtk-4_0-37": "2.48.1-4.34.1",
"libwebkit2gtk3-lang": "2.48.1-4.34.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.48.1-4.34.1",
"webkit2gtk3-devel": "2.48.1-4.34.1"
}
]
}