Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:1331-1

Опубликовано: 16 апр. 2025
Источник: suse-cvrf

Описание

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

  • Update to version 2.48.1
  • CVE-2024-54551: improper memory handling may lead to a denial-of-service when processing certain web content (bsc#1240962)
  • CVE-2025-24208: permissions issue may lead to a cross-site scripting attack when loading a malicious iframe (bsc#1240961)
  • CVE-2025-24209: buffer overflow may lead to crash when processing maliciously crafted web content (bsc#1240964)
  • CVE-2025-24213: type confusion issue may lead to memory corruption (bsc#1240963)
  • CVE-2025-24216: improper memory handling may lead to an unexpected crash when processing certain web content (bsc#1240986)
  • CVE-2025-24264: improper memory handling may lead to unexpected crash when processing certain web content (bsc#1240987)
  • CVE-2025-30427: use-after-free issue may lead to an unexpected Safari crash when processing maliciously crafted web content (bsc#1240958)

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP6
WebKitGTK-4.0-lang-2.48.1-150600.12.36.5
WebKitGTK-6.0-lang-2.48.1-150600.12.36.5
libjavascriptcoregtk-4_0-18-2.48.1-150600.12.36.5
libjavascriptcoregtk-6_0-1-2.48.1-150600.12.36.5
libwebkit2gtk-4_0-37-2.48.1-150600.12.36.5
libwebkitgtk-6_0-4-2.48.1-150600.12.36.5
typelib-1_0-JavaScriptCore-4_0-2.48.1-150600.12.36.5
typelib-1_0-WebKit2-4_0-2.48.1-150600.12.36.5
typelib-1_0-WebKit2WebExtension-4_0-2.48.1-150600.12.36.5
webkit2gtk-4_0-injected-bundles-2.48.1-150600.12.36.5
webkit2gtk3-soup2-devel-2.48.1-150600.12.36.5
webkitgtk-6_0-injected-bundles-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
WebKitGTK-4.1-lang-2.48.1-150600.12.36.5
libjavascriptcoregtk-4_1-0-2.48.1-150600.12.36.5
libwebkit2gtk-4_1-0-2.48.1-150600.12.36.5
typelib-1_0-JavaScriptCore-4_1-2.48.1-150600.12.36.5
typelib-1_0-WebKit2-4_1-2.48.1-150600.12.36.5
typelib-1_0-WebKit2WebExtension-4_1-2.48.1-150600.12.36.5
webkit2gtk-4_1-injected-bundles-2.48.1-150600.12.36.5
webkit2gtk3-devel-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Development Tools 15 SP6
typelib-1_0-JavaScriptCore-6_0-2.48.1-150600.12.36.5
typelib-1_0-WebKit-6_0-2.48.1-150600.12.36.5
typelib-1_0-WebKitWebProcessExtension-6_0-2.48.1-150600.12.36.5
webkit2gtk4-devel-2.48.1-150600.12.36.5
openSUSE Leap 15.6
WebKitGTK-4.0-lang-2.48.1-150600.12.36.5
WebKitGTK-4.1-lang-2.48.1-150600.12.36.5
WebKitGTK-6.0-lang-2.48.1-150600.12.36.5
libjavascriptcoregtk-4_0-18-2.48.1-150600.12.36.5
libjavascriptcoregtk-4_0-18-32bit-2.48.1-150600.12.36.5
libjavascriptcoregtk-4_1-0-2.48.1-150600.12.36.5
libjavascriptcoregtk-4_1-0-32bit-2.48.1-150600.12.36.5
libjavascriptcoregtk-6_0-1-2.48.1-150600.12.36.5
libwebkit2gtk-4_0-37-2.48.1-150600.12.36.5
libwebkit2gtk-4_0-37-32bit-2.48.1-150600.12.36.5
libwebkit2gtk-4_1-0-2.48.1-150600.12.36.5
libwebkit2gtk-4_1-0-32bit-2.48.1-150600.12.36.5
libwebkitgtk-6_0-4-2.48.1-150600.12.36.5
typelib-1_0-JavaScriptCore-4_0-2.48.1-150600.12.36.5
typelib-1_0-JavaScriptCore-4_1-2.48.1-150600.12.36.5
typelib-1_0-JavaScriptCore-6_0-2.48.1-150600.12.36.5
typelib-1_0-WebKit-6_0-2.48.1-150600.12.36.5
typelib-1_0-WebKit2-4_0-2.48.1-150600.12.36.5
typelib-1_0-WebKit2-4_1-2.48.1-150600.12.36.5
typelib-1_0-WebKit2WebExtension-4_0-2.48.1-150600.12.36.5
typelib-1_0-WebKit2WebExtension-4_1-2.48.1-150600.12.36.5
typelib-1_0-WebKitWebProcessExtension-6_0-2.48.1-150600.12.36.5
webkit-jsc-4-2.48.1-150600.12.36.5
webkit-jsc-4.1-2.48.1-150600.12.36.5
webkit-jsc-6.0-2.48.1-150600.12.36.5
webkit2gtk-4_0-injected-bundles-2.48.1-150600.12.36.5
webkit2gtk-4_1-injected-bundles-2.48.1-150600.12.36.5
webkit2gtk3-devel-2.48.1-150600.12.36.5
webkit2gtk3-minibrowser-2.48.1-150600.12.36.5
webkit2gtk3-soup2-devel-2.48.1-150600.12.36.5
webkit2gtk3-soup2-minibrowser-2.48.1-150600.12.36.5
webkit2gtk4-devel-2.48.1-150600.12.36.5
webkit2gtk4-minibrowser-2.48.1-150600.12.36.5
webkitgtk-6_0-injected-bundles-2.48.1-150600.12.36.5

Ссылки

Описание

The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.6, tvOS 17.6, Safari 17.6, macOS Sonoma 14.6, visionOS 1.3, iOS 17.6 and iPadOS 17.6. Processing web content may lead to a denial-of-service.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.48.1-150600.12.36.5
Ссылки

Описание

A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.48.1-150600.12.36.5
Ссылки

Описание

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.48.1-150600.12.36.5
Ссылки

Описание

This issue was addressed with improved handling of floats. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A type confusion issue could lead to memory corruption.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.48.1-150600.12.36.5
Ссылки

Описание

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.48.1-150600.12.36.5
Ссылки

Описание

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.48.1-150600.12.36.5
Ссылки

Описание

A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-4.0-lang-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:WebKitGTK-6.0-lang-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-4_0-18-2.48.1-150600.12.36.5
SUSE Linux Enterprise Module for Basesystem 15 SP6:libjavascriptcoregtk-6_0-1-2.48.1-150600.12.36.5
Ссылки
Уязвимость SUSE-SU-2025:1331-1