Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:01746-1

Опубликовано: 29 мая 2025
Источник: suse-cvrf

Описание

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

Update to version 2.48.2.

Security issues fixed:

  • CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website (bsc#1243282).
  • CVE-2025-31204: improper memory handling when processing certain web content may lead to memory corruption (bsc#1243286).
  • CVE-2025-31206: type confusion issue when processing certain web content may lead to an unexpected crash (bsc#1243288).
  • CVE-2025-31215: lack of checks when processing certain web content may lead to an unexpected crash (bsc#1243289).
  • CVE-2025-31257: improper memory handling when processing certain web content may lead to an unexpected crash (bsc#1243596).
  • CVE-2025-24223: improper memory handling when processing certain web content may lead to memory corruption (bsc#1243424).

Other changes and issues fixed:

  • Enable CSS overscroll behavior by default.
  • Change threaded rendering implementation to use Skia API instead of WebCore display list that is not thread safe.
  • Fix rendering when device scale factor change comes before the web view geometry update.
  • Fix network process crash on exit.
  • Fix the build with ENABLE_RESOURCE_USAGE=OFF.
  • Fix several crashes and rendering issues.

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP6
WebKitGTK-4.0-lang-2.48.2-150600.12.40.2
WebKitGTK-6.0-lang-2.48.2-150600.12.40.2
libjavascriptcoregtk-4_0-18-2.48.2-150600.12.40.2
libjavascriptcoregtk-6_0-1-2.48.2-150600.12.40.2
libwebkit2gtk-4_0-37-2.48.2-150600.12.40.2
libwebkitgtk-6_0-4-2.48.2-150600.12.40.2
typelib-1_0-JavaScriptCore-4_0-2.48.2-150600.12.40.2
typelib-1_0-WebKit2-4_0-2.48.2-150600.12.40.2
typelib-1_0-WebKit2WebExtension-4_0-2.48.2-150600.12.40.2
webkit2gtk-4_0-injected-bundles-2.48.2-150600.12.40.2
webkit2gtk3-soup2-devel-2.48.2-150600.12.40.2
webkitgtk-6_0-injected-bundles-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP7
WebKitGTK-4.0-lang-2.48.2-150600.12.40.2
WebKitGTK-6.0-lang-2.48.2-150600.12.40.2
libjavascriptcoregtk-4_0-18-2.48.2-150600.12.40.2
libjavascriptcoregtk-6_0-1-2.48.2-150600.12.40.2
libwebkit2gtk-4_0-37-2.48.2-150600.12.40.2
libwebkitgtk-6_0-4-2.48.2-150600.12.40.2
typelib-1_0-JavaScriptCore-4_0-2.48.2-150600.12.40.2
typelib-1_0-WebKit2-4_0-2.48.2-150600.12.40.2
typelib-1_0-WebKit2WebExtension-4_0-2.48.2-150600.12.40.2
webkit2gtk-4_0-injected-bundles-2.48.2-150600.12.40.2
webkit2gtk3-soup2-devel-2.48.2-150600.12.40.2
webkitgtk-6_0-injected-bundles-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
WebKitGTK-4.1-lang-2.48.2-150600.12.40.2
libjavascriptcoregtk-4_1-0-2.48.2-150600.12.40.2
libwebkit2gtk-4_1-0-2.48.2-150600.12.40.2
typelib-1_0-JavaScriptCore-4_1-2.48.2-150600.12.40.2
typelib-1_0-WebKit2-4_1-2.48.2-150600.12.40.2
typelib-1_0-WebKit2WebExtension-4_1-2.48.2-150600.12.40.2
webkit2gtk-4_1-injected-bundles-2.48.2-150600.12.40.2
webkit2gtk3-devel-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP7
WebKitGTK-4.1-lang-2.48.2-150600.12.40.2
libjavascriptcoregtk-4_1-0-2.48.2-150600.12.40.2
libwebkit2gtk-4_1-0-2.48.2-150600.12.40.2
typelib-1_0-JavaScriptCore-4_1-2.48.2-150600.12.40.2
typelib-1_0-WebKit2-4_1-2.48.2-150600.12.40.2
typelib-1_0-WebKit2WebExtension-4_1-2.48.2-150600.12.40.2
webkit2gtk-4_1-injected-bundles-2.48.2-150600.12.40.2
webkit2gtk3-devel-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Development Tools 15 SP6
typelib-1_0-JavaScriptCore-6_0-2.48.2-150600.12.40.2
typelib-1_0-WebKit-6_0-2.48.2-150600.12.40.2
typelib-1_0-WebKitWebProcessExtension-6_0-2.48.2-150600.12.40.2
webkit2gtk4-devel-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Development Tools 15 SP7
typelib-1_0-JavaScriptCore-6_0-2.48.2-150600.12.40.2
typelib-1_0-WebKit-6_0-2.48.2-150600.12.40.2
typelib-1_0-WebKitWebProcessExtension-6_0-2.48.2-150600.12.40.2
webkit2gtk4-devel-2.48.2-150600.12.40.2
openSUSE Leap 15.6
WebKitGTK-4.0-lang-2.48.2-150600.12.40.2
WebKitGTK-4.1-lang-2.48.2-150600.12.40.2
WebKitGTK-6.0-lang-2.48.2-150600.12.40.2
libjavascriptcoregtk-4_0-18-2.48.2-150600.12.40.2
libjavascriptcoregtk-4_0-18-32bit-2.48.2-150600.12.40.2
libjavascriptcoregtk-4_1-0-2.48.2-150600.12.40.2
libjavascriptcoregtk-4_1-0-32bit-2.48.2-150600.12.40.2
libjavascriptcoregtk-6_0-1-2.48.2-150600.12.40.2
libwebkit2gtk-4_0-37-2.48.2-150600.12.40.2
libwebkit2gtk-4_0-37-32bit-2.48.2-150600.12.40.2
libwebkit2gtk-4_1-0-2.48.2-150600.12.40.2
libwebkit2gtk-4_1-0-32bit-2.48.2-150600.12.40.2
libwebkitgtk-6_0-4-2.48.2-150600.12.40.2
typelib-1_0-JavaScriptCore-4_0-2.48.2-150600.12.40.2
typelib-1_0-JavaScriptCore-4_1-2.48.2-150600.12.40.2
typelib-1_0-JavaScriptCore-6_0-2.48.2-150600.12.40.2
typelib-1_0-WebKit-6_0-2.48.2-150600.12.40.2
typelib-1_0-WebKit2-4_0-2.48.2-150600.12.40.2
typelib-1_0-WebKit2-4_1-2.48.2-150600.12.40.2
typelib-1_0-WebKit2WebExtension-4_0-2.48.2-150600.12.40.2
typelib-1_0-WebKit2WebExtension-4_1-2.48.2-150600.12.40.2
typelib-1_0-WebKitWebProcessExtension-6_0-2.48.2-150600.12.40.2
webkit-jsc-4-2.48.2-150600.12.40.2
webkit-jsc-4.1-2.48.2-150600.12.40.2
webkit-jsc-6.0-2.48.2-150600.12.40.2
webkit2gtk-4_0-injected-bundles-2.48.2-150600.12.40.2
webkit2gtk-4_1-injected-bundles-2.48.2-150600.12.40.2
webkit2gtk3-devel-2.48.2-150600.12.40.2
webkit2gtk3-minibrowser-2.48.2-150600.12.40.2
webkit2gtk3-soup2-devel-2.48.2-150600.12.40.2
webkit2gtk3-soup2-minibrowser-2.48.2-150600.12.40.2
webkit2gtk4-devel-2.48.2-150600.12.40.2
webkit2gtk4-minibrowser-2.48.2-150600.12.40.2
webkitgtk-6_0-injected-bundles-2.48.2-150600.12.40.2

Ссылки

Описание

Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.48.2-150600.12.40.2
Ссылки

Описание

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.48.2-150600.12.40.2
Ссылки

Описание

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.48.2-150600.12.40.2
Ссылки

Описание

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.48.2-150600.12.40.2
Ссылки

Описание

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.48.2-150600.12.40.2
Ссылки

Описание

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.48.2-150600.12.40.2
Ссылки

Описание

A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.48.2-150600.12.40.2
Ссылки

Описание

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected process crash.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.48.2-150600.12.40.2
Ссылки

Описание

This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.48.2-150600.12.40.2
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.48.2-150600.12.40.2
Ссылки
Уязвимость SUSE-SU-2025:01746-1