Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:02033-1

Опубликовано: 20 июн. 2025
Источник: suse-cvrf

Описание

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

Update to version 2.48.2:

  • CVE-2025-24223: Processing maliciously crafted web content may lead to memory corruption (bsc#1243424).
  • CVE-2025-31204: Processing maliciously crafted web content may lead to memory corruption (bsc#1243286).
  • CVE-2025-31205: A malicious website may exfiltrate data cross-origin (bsc#1243282).
  • CVE-2025-31206: Processing maliciously crafted web content may lead to an unexpected crash (bsc#1243288).
  • CVE-2025-31215: Processing maliciously crafted web content may lead to an unexpected process crash (bsc#1243289).
  • CVE-2025-31257: Improper memory handling when processing certain web content may lead to an unexpected crash (bsc#1243596).
  • CVE-2023-42875: Improper memory handling may lead to arbitrary code execution when processing certain web content (bsc#1241158).
  • CVE-2023-42970: Improper memory management may lead to use-after-free when processing certain web content (bsc#1241160).

Список пакетов

SUSE Enterprise Storage 7.1
libjavascriptcoregtk-4_0-18-2.48.2-150200.147.1
libwebkit2gtk-4_0-37-2.48.2-150200.147.1
libwebkit2gtk3-lang-2.48.2-150200.147.1
typelib-1_0-JavaScriptCore-4_0-2.48.2-150200.147.1
typelib-1_0-WebKit2-4_0-2.48.2-150200.147.1
typelib-1_0-WebKit2WebExtension-4_0-2.48.2-150200.147.1
webkit2gtk-4_0-injected-bundles-2.48.2-150200.147.1
webkit2gtk3-devel-2.48.2-150200.147.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libjavascriptcoregtk-4_0-18-2.48.2-150200.147.1
libwebkit2gtk-4_0-37-2.48.2-150200.147.1
libwebkit2gtk3-lang-2.48.2-150200.147.1
typelib-1_0-JavaScriptCore-4_0-2.48.2-150200.147.1
typelib-1_0-WebKit2-4_0-2.48.2-150200.147.1
typelib-1_0-WebKit2WebExtension-4_0-2.48.2-150200.147.1
webkit2gtk-4_0-injected-bundles-2.48.2-150200.147.1
webkit2gtk3-devel-2.48.2-150200.147.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libjavascriptcoregtk-4_0-18-2.48.2-150200.147.1
libwebkit2gtk-4_0-37-2.48.2-150200.147.1
libwebkit2gtk3-lang-2.48.2-150200.147.1
typelib-1_0-JavaScriptCore-4_0-2.48.2-150200.147.1
typelib-1_0-WebKit2-4_0-2.48.2-150200.147.1
typelib-1_0-WebKit2WebExtension-4_0-2.48.2-150200.147.1
webkit2gtk-4_0-injected-bundles-2.48.2-150200.147.1
webkit2gtk3-devel-2.48.2-150200.147.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libjavascriptcoregtk-4_0-18-2.48.2-150200.147.1
libwebkit2gtk-4_0-37-2.48.2-150200.147.1
libwebkit2gtk3-lang-2.48.2-150200.147.1
typelib-1_0-JavaScriptCore-4_0-2.48.2-150200.147.1
typelib-1_0-WebKit2-4_0-2.48.2-150200.147.1
typelib-1_0-WebKit2WebExtension-4_0-2.48.2-150200.147.1
webkit2gtk-4_0-injected-bundles-2.48.2-150200.147.1
webkit2gtk3-devel-2.48.2-150200.147.1

Описание

Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling.


Затронутые продукты
SUSE Enterprise Storage 7.1:libjavascriptcoregtk-4_0-18-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:libwebkit2gtk-4_0-37-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:libwebkit2gtk3-lang-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:typelib-1_0-JavaScriptCore-4_0-2.48.2-150200.147.1

Ссылки

Описание

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.


Затронутые продукты
SUSE Enterprise Storage 7.1:libjavascriptcoregtk-4_0-18-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:libwebkit2gtk-4_0-37-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:libwebkit2gtk3-lang-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:typelib-1_0-JavaScriptCore-4_0-2.48.2-150200.147.1

Ссылки

Описание

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.


Затронутые продукты
SUSE Enterprise Storage 7.1:libjavascriptcoregtk-4_0-18-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:libwebkit2gtk-4_0-37-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:libwebkit2gtk3-lang-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:typelib-1_0-JavaScriptCore-4_0-2.48.2-150200.147.1

Ссылки

Описание

The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.


Затронутые продукты
SUSE Enterprise Storage 7.1:libjavascriptcoregtk-4_0-18-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:libwebkit2gtk-4_0-37-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:libwebkit2gtk3-lang-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:typelib-1_0-JavaScriptCore-4_0-2.48.2-150200.147.1

Ссылки

Описание

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. A malicious website may exfiltrate data cross-origin.


Затронутые продукты
SUSE Enterprise Storage 7.1:libjavascriptcoregtk-4_0-18-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:libwebkit2gtk-4_0-37-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:libwebkit2gtk3-lang-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:typelib-1_0-JavaScriptCore-4_0-2.48.2-150200.147.1

Ссылки

Описание

A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.


Затронутые продукты
SUSE Enterprise Storage 7.1:libjavascriptcoregtk-4_0-18-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:libwebkit2gtk-4_0-37-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:libwebkit2gtk3-lang-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:typelib-1_0-JavaScriptCore-4_0-2.48.2-150200.147.1

Ссылки

Описание

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected process crash.


Затронутые продукты
SUSE Enterprise Storage 7.1:libjavascriptcoregtk-4_0-18-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:libwebkit2gtk-4_0-37-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:libwebkit2gtk3-lang-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:typelib-1_0-JavaScriptCore-4_0-2.48.2-150200.147.1

Ссылки

Описание

This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.


Затронутые продукты
SUSE Enterprise Storage 7.1:libjavascriptcoregtk-4_0-18-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:libwebkit2gtk-4_0-37-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:libwebkit2gtk3-lang-2.48.2-150200.147.1
SUSE Enterprise Storage 7.1:typelib-1_0-JavaScriptCore-4_0-2.48.2-150200.147.1

Ссылки