SUSE-SU-2025:0639-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-20250639-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0639-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2025:0639-1
- Related
- Published
- 2025-02-21T18:56:51Z
- Modified
- 2025-02-21T18:56:51Z
- Summary
- Security update for webkit2gtk3
- Details
-
This update for webkit2gtk3 fixes the following issues:
Update to version 2.46.6 (bsc#1236946):
- CVE-2025-24143: A maliciously crafted webpage may be able to fingerprint the user.
- CVE-2025-24150: Copying a URL from Web Inspector may lead to command injection.
- CVE-2025-24158: Processing web content may lead to a denial-of-service.
- CVE-2025-24162: Processing maliciously crafted web content may lead to an unexpected process crash.
Already fixed in previous releases:
- CVE-2024-54543: Processing maliciously crafted web content may lead to memory corruption.
- CVE-2024-27856: Processing a file may lead to unexpected app termination or arbitrary code execution.
- CVE-2024-54658: Processing web content may lead to a denial-of-service.
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-20250639-1/
- https://bugzilla.suse.com/1236946
- https://www.suse.com/security/cve/CVE-2024-27856
- https://www.suse.com/security/cve/CVE-2024-54543
- https://www.suse.com/security/cve/CVE-2024-54658
- https://www.suse.com/security/cve/CVE-2025-24143
- https://www.suse.com/security/cve/CVE-2025-24150
- https://www.suse.com/security/cve/CVE-2025-24158
- https://www.suse.com/security/cve/CVE-2025-24162
Affected packages
SUSE:Linux Enterprise Server 12 SP5-LTSS / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.46.6-4.28.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-WebKit2-4_0": "2.46.6-4.28.1",
"typelib-1_0-JavaScriptCore-4_0": "2.46.6-4.28.1",
"libjavascriptcoregtk-4_0-18": "2.46.6-4.28.1",
"webkit2gtk-4_0-injected-bundles": "2.46.6-4.28.1",
"libwebkit2gtk-4_0-37": "2.46.6-4.28.1",
"libwebkit2gtk3-lang": "2.46.6-4.28.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.46.6-4.28.1",
"webkit2gtk3-devel": "2.46.6-4.28.1"
}
]
}
SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.46.6-4.28.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-WebKit2-4_0": "2.46.6-4.28.1",
"typelib-1_0-JavaScriptCore-4_0": "2.46.6-4.28.1",
"libjavascriptcoregtk-4_0-18": "2.46.6-4.28.1",
"webkit2gtk-4_0-injected-bundles": "2.46.6-4.28.1",
"libwebkit2gtk-4_0-37": "2.46.6-4.28.1",
"libwebkit2gtk3-lang": "2.46.6-4.28.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.46.6-4.28.1",
"webkit2gtk3-devel": "2.46.6-4.28.1"
}
]
}