Описание
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.48.1
- CVE-2024-54551: improper memory handling may lead to a denial-of-service when processing certain web content (bsc#1240962)
- CVE-2025-24208: permissions issue may lead to a cross-site scripting attack when loading a malicious iframe (bsc#1240961)
- CVE-2025-24209: buffer overflow may lead to crash when processing maliciously crafted web content (bsc#1240964)
- CVE-2025-24213: type confusion issue may lead to memory corruption (bsc#1240963)
- CVE-2025-24216: improper memory handling may lead to an unexpected crash when processing certain web content (bsc#1240986)
- CVE-2025-24264: improper memory handling may lead to unexpected crash when processing certain web content (bsc#1240987)
- CVE-2025-30427: use-after-free issue may lead to an unexpected Safari crash when processing maliciously crafted web content (bsc#1240958)
- CVE-2024-44192: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1239863)
- CVE-2024-54467: a malicious website may exfiltrate data cross-origin due to a cookie management issue (bsc#1239864)
Список пакетов
SUSE Linux Enterprise Server 12 SP5-LTSS
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
Ссылки
- Link for SUSE-SU-2025:1325-1
- E-Mail link for SUSE-SU-2025:1325-1
- SUSE Security Ratings
- SUSE Bug 1239863
- SUSE Bug 1239864
- SUSE Bug 1240958
- SUSE Bug 1240961
- SUSE Bug 1240962
- SUSE Bug 1240963
- SUSE Bug 1240964
- SUSE Bug 1240986
- SUSE Bug 1240987
- SUSE CVE CVE-2024-44192 page
- SUSE CVE CVE-2024-54467 page
- SUSE CVE CVE-2024-54551 page
- SUSE CVE CVE-2025-24208 page
- SUSE CVE CVE-2025-24209 page
- SUSE CVE CVE-2025-24213 page
- SUSE CVE CVE-2025-24216 page
- SUSE CVE CVE-2025-24264 page
Описание
The issue was addressed with improved checks. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2024-44192
- SUSE Bug 1239863
Описание
A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
Затронутые продукты
Ссылки
- CVE-2024-54467
- SUSE Bug 1239864
Описание
The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.
Затронутые продукты
Ссылки
- CVE-2024-54551
- SUSE Bug 1240962
Описание
A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack.
Затронутые продукты
Ссылки
- CVE-2025-24208
- SUSE Bug 1240961
Описание
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2025-24209
- SUSE Bug 1240964
Описание
This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A type confusion issue could lead to memory corruption.
Затронутые продукты
Ссылки
- CVE-2025-24213
- SUSE Bug 1240963
Описание
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Затронутые продукты
Ссылки
- CVE-2025-24216
- SUSE Bug 1240986
Описание
The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Затронутые продукты
Ссылки
- CVE-2025-24264
- SUSE Bug 1240987
Описание
A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Затронутые продукты
Ссылки
- CVE-2025-30427
- SUSE Bug 1240958