Описание
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
Update to version 2.46.5 (bsc#1234851):
Security fixes:
- CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash
- CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected process crash
- CVE-2024-54505: Processing maliciously crafted web content may lead to memory corruption
- CVE-2024-54508: Processing maliciously crafted web content may lead to an unexpected process crash
- CVE-2024-54534: Processing maliciously crafted web content may lead to memory corruption
Other fixes:
- Fix the build with GBM and release logs disabled.
- Fix several crashes and rendering issues.
- Improve memory consumption and performance of Canvas getImageData.
- Fix preserve-3D intersection rendering.
- Fix video dimensions since GStreamer 1.24.9.
- Fix the HTTP-based remote Web Inspector not loading in Chromium.
- Fix content filters not working on about:blank iframes.
- Fix several crashes and rendering issues.
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP6
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
SUSE Linux Enterprise Module for Development Tools 15 SP6
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2025:0043-1
- E-Mail link for SUSE-SU-2025:0043-1
- SUSE Security Ratings
- SUSE Bug 1234851
- SUSE CVE CVE-2024-40866 page
- SUSE CVE CVE-2024-44185 page
- SUSE CVE CVE-2024-44187 page
- SUSE CVE CVE-2024-44308 page
- SUSE CVE CVE-2024-44309 page
- SUSE CVE CVE-2024-54479 page
- SUSE CVE CVE-2024-54502 page
- SUSE CVE CVE-2024-54505 page
- SUSE CVE CVE-2024-54508 page
- SUSE CVE CVE-2024-54534 page
Описание
The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing.
Затронутые продукты
Ссылки
- CVE-2024-40866
- SUSE Bug 1231039
Описание
The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2024-44185
- SUSE Bug 1232747
Описание
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
Затронутые продукты
Ссылки
- CVE-2024-44187
- SUSE Bug 1231039
Описание
The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
Затронутые продукты
Ссылки
- CVE-2024-44308
- SUSE Bug 1233631
Описание
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
Затронутые продукты
Ссылки
- CVE-2024-44309
- SUSE Bug 1233632
Описание
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2024-54479
- SUSE Bug 1234851
Описание
The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2024-54502
- SUSE Bug 1234851
Описание
A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.
Затронутые продукты
Ссылки
- CVE-2024-54505
- SUSE Bug 1234851
Описание
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2024-54508
- SUSE Bug 1234851
Описание
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.
Затронутые продукты
Ссылки
- CVE-2024-54534
- SUSE Bug 1234851