Описание
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues:
Update to version 2.52.0:
- CVE-2023-43010: processing maliciously crafted web content may lead to memory corruption (bsc#1259950).
- CVE-2025-31223: processing maliciously crafted web content may lead to memory corruption (bsc#1259949).
- CVE-2025-31277: processing maliciously crafted web content may lead to memory corruption (bsc#1259948).
- CVE-2025-43213: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259947).
- CVE-2025-43214: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259946).
- CVE-2025-43433: processing maliciously crafted web content may lead to memory corruption (bsc#1259945).
- CVE-2025-43438: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259944).
- CVE-2025-43441: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259943).
- CVE-2025-43457: processing maliciously crafted web content may lead to an unexpected crash (bsc#1259942).
- CVE-2025-43511: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259941).
- CVE-2025-46299: processing maliciously crafted web content may disclose internal states of an app (bsc#1259940).
- CVE-2026-20608: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259939).
- CVE-2026-20635: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259938).
- CVE-2026-20636: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259937).
- CVE-2026-20644: processing maliciously crafted web content may lead to an unexpected process crash (bsc#1259936).
- CVE-2026-20652: a remote attacker may be able to cause a denial-of-service (bsc#1259935).
- CVE-2026-20676: a website may be able to track users through web extensions (bsc#1259934).
Changelog:
- Make scrolling with touch input smoother for small movements.
- Fix estimated load progress of downloads when Content-Length value is wrong.
- Ensure that 'scrollend' events are correctly emitted after scroll animations.
- Fix several crashes and rendering issues.
Список пакетов
SUSE Linux Enterprise Server 12 SP5-LTSS
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
Ссылки
- Link for SUSE-SU-2026:1139-1
- E-Mail link for SUSE-SU-2026:1139-1
- SUSE Security Ratings
- SUSE Bug 1259934
- SUSE Bug 1259935
- SUSE Bug 1259936
- SUSE Bug 1259937
- SUSE Bug 1259938
- SUSE Bug 1259939
- SUSE Bug 1259940
- SUSE Bug 1259941
- SUSE Bug 1259942
- SUSE Bug 1259943
- SUSE Bug 1259944
- SUSE Bug 1259945
- SUSE Bug 1259946
- SUSE Bug 1259947
- SUSE Bug 1259948
- SUSE Bug 1259949
- SUSE Bug 1259950
Описание
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing.
Затронутые продукты
Ссылки
- CVE-2023-42843
- SUSE Bug 1222010
Описание
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.
Затронутые продукты
Ссылки
- CVE-2023-43010
- SUSE Bug 1259950
Описание
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, Safari 17.4, tvOS 17.4, watchOS 10.4, visionOS 1.1, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.
Затронутые продукты
Ссылки
- CVE-2024-54658
- SUSE Bug 1236946
Описание
A flaw was found in WebKitGTK and WPE WebKit. This vulnerability allows an out-of-bounds read and integer underflow, leading to a UIProcess crash (DoS) via a crafted payload to the GLib remote inspector server.
Затронутые продукты
Ссылки
- CVE-2025-13502
- SUSE Bug 1254208
Описание
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
Затронутые продукты
Ссылки
- CVE-2025-31223
- SUSE Bug 1259949
Описание
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.
Затронутые продукты
Ссылки
- CVE-2025-31277
- SUSE Bug 1259948
Описание
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Затронутые продукты
Ссылки
- CVE-2025-43213
- SUSE Bug 1259947
Описание
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Затронутые продукты
Ссылки
- CVE-2025-43214
- SUSE Bug 1259946
Описание
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Затронутые продукты
Ссылки
- CVE-2025-43368
- SUSE Bug 1250442
Описание
The issue was addressed with improved memory handling. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. Processing maliciously crafted web content may lead to memory corruption.
Затронутые продукты
Ссылки
- CVE-2025-43419
- SUSE Bug 1254166
Описание
The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to memory corruption.
Затронутые продукты
Ссылки
- CVE-2025-43433
- SUSE Bug 1259945
Описание
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Затронутые продукты
Ссылки
- CVE-2025-43434
- SUSE Bug 1254179
Описание
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Затронутые продукты
Ссылки
- CVE-2025-43438
- SUSE Bug 1259944
Описание
This issue was addressed with improved checks This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2025-43440
- SUSE Bug 1254177
Описание
The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2025-43441
- SUSE Bug 1259943
Описание
This issue was addressed with improved checks. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2025-43443
- SUSE Bug 1254176
Описание
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Затронутые продукты
Ссылки
- CVE-2025-43457
- SUSE Bug 1259942
Описание
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2025-43511
- SUSE Bug 1259941
Описание
A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may disclose internal states of the app.
Затронутые продукты
Ссылки
- CVE-2025-46299
- SUSE Bug 1259940
Описание
This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2026-20608
- SUSE Bug 1259939
Описание
The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2026-20635
- SUSE Bug 1259938
Описание
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2026-20636
- SUSE Bug 1259937
Описание
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Затронутые продукты
Ссылки
- CVE-2026-20644
- SUSE Bug 1259936
Описание
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3, Safari 26.3. A remote attacker may be able to cause a denial-of-service.
Затронутые продукты
Ссылки
- CVE-2026-20652
- SUSE Bug 1259935
Описание
This issue was addressed through improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions.
Затронутые продукты
Ссылки
- CVE-2026-20676
- SUSE Bug 1259934