Description
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
Update to version 2.48.2:
- CVE-2025-24223: Processing maliciously crafted web content may lead to memory corruption (bsc#1243424).
- CVE-2025-31204: Processing maliciously crafted web content may lead to memory corruption (bsc#1243286).
- CVE-2025-31205: A malicious website may exfiltrate data cross-origin (bsc#1243282).
- CVE-2025-31206: Processing maliciously crafted web content may lead to an unexpected crash (bsc#1243288).
- CVE-2025-31215: Processing maliciously crafted web content may lead to an unexpected process crash (bsc#1243289).
- CVE-2025-31257: Improper memory handling when processing certain web content may lead to an unexpected crash (bsc#1243596).
- CVE-2023-42875: Improper memory handling may lead to arbitrary code execution when processing certain web content (bsc#1241158).
- CVE-2023-42970: Improper memory management may lead to use-after-free when processing certain web content (bsc#1241160).
Package list
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP3
References
- Link for SUSE-SU-2025:02033-1
- E-Mail link for SUSE-SU-2025:02033-1
- SUSE Security Ratings
- SUSE Bug 1241158
- SUSE Bug 1241160
- SUSE Bug 1243282
- SUSE Bug 1243286
- SUSE Bug 1243288
- SUSE Bug 1243289
- SUSE Bug 1243424
- SUSE Bug 1243596
- SUSE CVE CVE-2023-42875 page
- SUSE CVE CVE-2023-42970 page
- SUSE CVE CVE-2025-24223 page
- SUSE CVE CVE-2025-31204 page
- SUSE CVE CVE-2025-31205 page
- SUSE CVE CVE-2025-31206 page
- SUSE CVE CVE-2025-31215 page
- SUSE CVE CVE-2025-31257 page
Description
Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.
Affected products
References
- CVE-2023-42875
- SUSE Bug 1241158
Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.
Affected products
References
- CVE-2023-42970
- SUSE Bug 1241160
Description
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
Affected products
References
- CVE-2025-24223
- SUSE Bug 1243424
Description
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
Affected products
References
- CVE-2025-31204
- SUSE Bug 1243286
Description
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin.
Affected products
References
- CVE-2025-31205
- SUSE Bug 1243282
Description
A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Affected products
References
- CVE-2025-31206
- SUSE Bug 1243288
Description
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Affected products
References
- CVE-2025-31215
- SUSE Bug 1243289
Description
This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Affected products
References
- CVE-2025-31257
- SUSE Bug 1243596