Description
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
Update to version 2.46.6 (bsc#1236946, bsc#1234851):
- CVE-2025-24143: A maliciously crafted webpage may be able to fingerprint the user.
- CVE-2025-24150: Copying a URL from Web Inspector may lead to command injection.
- CVE-2025-24158: Processing web content may lead to a denial-of-service.
- CVE-2025-24162: Processing maliciously crafted web content may lead to an unexpected process crash.
- CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash.
- CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected process crash.
- CVE-2024-54505: Processing maliciously crafted web content may lead to memory corruption.
- CVE-2024-54508: Processing maliciously crafted web content may lead to an unexpected process crash.
- CVE-2024-54543: Processing maliciously crafted web content may lead to memory corruption.
Already fixed in previous releases:
- CVE-2024-27856: Processing a file may lead to unexpected app termination or arbitrary code execution.
- CVE-2024-54534: Processing maliciously crafted web content may lead to memory corruption.
- CVE-2024-54658: Processing web content may lead to a denial-of-service.
Package list
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP3
References
- Link for SUSE-SU-2025:0735-1
- E-Mail link for SUSE-SU-2025:0735-1
- SUSE Security Ratings
- SUSE Bug 1234851
- SUSE Bug 1236946
- SUSE CVE CVE-2024-27856 page
- SUSE CVE CVE-2024-54479 page
- SUSE CVE CVE-2024-54502 page
- SUSE CVE CVE-2024-54505 page
- SUSE CVE CVE-2024-54508 page
- SUSE CVE CVE-2024-54534 page
- SUSE CVE CVE-2024-54543 page
- SUSE CVE CVE-2024-54658 page
- SUSE CVE CVE-2025-24143 page
- SUSE CVE CVE-2025-24150 page
- SUSE CVE CVE-2025-24158 page
- SUSE CVE CVE-2025-24162 page
Description
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution.
Affected products
References
- CVE-2024-27856
- SUSE Bug 1236946
Description
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Affected products
References
- CVE-2024-54479
- SUSE Bug 1234851
Description
The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Affected products
References
- CVE-2024-54502
- SUSE Bug 1234851
Description
A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.
Affected products
References
- CVE-2024-54505
- SUSE Bug 1234851
Description
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Affected products
References
- CVE-2024-54508
- SUSE Bug 1234851
Description
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption.
Affected products
References
- CVE-2024-54534
- SUSE Bug 1234851
Description
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.2, tvOS 18.2, Safari 18.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2. Processing maliciously crafted web content may lead to memory corruption.
Affected products
References
- CVE-2024-54543
- SUSE Bug 1236946
Description
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.
Affected products
References
- CVE-2024-54658
- SUSE Bug 1236946
Description
The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted webpage may be able to fingerprint the user.
Affected products
References
- CVE-2025-24143
- SUSE Bug 1236946
Description
A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3. Copying a URL from Web Inspector may lead to command injection.
Affected products
References
- CVE-2025-24150
- SUSE Bug 1236946
Description
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service.
Affected products
References
- CVE-2025-24158
- SUSE Bug 1236946
Description
This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Affected products
References
- CVE-2025-24162
- SUSE Bug 1236946