Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:4528-1

Опубликовано: 26 дек. 2025
Источник: suse-cvrf

Описание

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

Update to version 2.50.4.

Security issues fixed:

  • CVE-2025-14174: processing maliciously crafted web content may lead to memory corruption due to improper validation (bsc#1255497).
  • CVE-2025-43501: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer overflow issue (bsc#1255194).
  • CVE-2025-43529: processing maliciously crafted web content may lead to arbitrary code execution due to a use-after-free issue (bsc#1255198).
  • CVE-2025-43531: processing maliciously crafted web content may lead to an unexpected process crash due to a race condition (bsc#1255183).
  • CVE-2025-43535: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1255195).
  • CVE-2025-43536: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1255200).
  • CVE-2025-43541: processing maliciously crafted web content may lead to an unexpected process crash due to type confusion (bsc#1255191).

Other updates and bugfixes:

  • Correctly handle the program name passed to the sleep disabler.
  • Ensure GStreamer is initialized before using the Quirks.
  • Fix several crashes and rendering issues.

Список пакетов

SUSE Linux Enterprise Server 12 SP5-LTSS
libjavascriptcoregtk-4_0-18-2.50.4-4.51.1
libwebkit2gtk-4_0-37-2.50.4-4.51.1
libwebkit2gtk3-lang-2.50.4-4.51.1
typelib-1_0-JavaScriptCore-4_0-2.50.4-4.51.1
typelib-1_0-WebKit2-4_0-2.50.4-4.51.1
typelib-1_0-WebKit2WebExtension-4_0-2.50.4-4.51.1
webkit2gtk-4_0-injected-bundles-2.50.4-4.51.1
webkit2gtk3-devel-2.50.4-4.51.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
libjavascriptcoregtk-4_0-18-2.50.4-4.51.1
libwebkit2gtk-4_0-37-2.50.4-4.51.1
libwebkit2gtk3-lang-2.50.4-4.51.1
typelib-1_0-JavaScriptCore-4_0-2.50.4-4.51.1
typelib-1_0-WebKit2-4_0-2.50.4-4.51.1
typelib-1_0-WebKit2WebExtension-4_0-2.50.4-4.51.1
webkit2gtk-4_0-injected-bundles-2.50.4-4.51.1
webkit2gtk3-devel-2.50.4-4.51.1

Ссылки

Описание

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.4-4.51.1
Ссылки

Описание

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.4-4.51.1
Ссылки

Описание

A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.4-4.51.1
Ссылки

Описание

A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.4-4.51.1
Ссылки

Описание

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.4-4.51.1
Ссылки

Описание

A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3. Processing maliciously crafted web content may lead to an unexpected process crash.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.4-4.51.1
Ссылки

Описание

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:libjavascriptcoregtk-4_0-18-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk-4_0-37-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:libwebkit2gtk3-lang-2.50.4-4.51.1
SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-JavaScriptCore-4_0-2.50.4-4.51.1
Ссылки
Уязвимость SUSE-SU-2025:4528-1