SUSE-SU-2025:0104-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-20250104-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0104-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:0104-1
- Related
- Published
- 2025-01-14T18:04:01Z
- Modified
- 2025-01-14T18:04:01Z
- Summary
- Security update for webkit2gtk3
- Details
-
This update for webkit2gtk3 fixes the following issues:
Update to version 2.46.5 (bsc#1234851):
Security fixes:
- CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash
- CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected process crash
- CVE-2024-54505: Processing maliciously crafted web content may lead to memory corruption
- CVE-2024-54508: Processing maliciously crafted web content may lead to an unexpected process crash
- CVE-2024-54534: Processing maliciously crafted web content may lead to memory corruption
Other fixes:
- Fix the build with GBM and release logs disabled.
- Fix several crashes and rendering issues.
- Improve memory consumption and performance of Canvas getImageData.
- Fix preserve-3D intersection rendering.
- Fix video dimensions since GStreamer 1.24.9.
- Fix the HTTP-based remote Web Inspector not loading in Chromium.
- Fix content filters not working on about:blank iframes.
- Fix several crashes and rendering issues.
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-20250104-1/
- https://bugzilla.suse.com/1234851
- https://www.suse.com/security/cve/CVE-2024-40866
- https://www.suse.com/security/cve/CVE-2024-44185
- https://www.suse.com/security/cve/CVE-2024-44187
- https://www.suse.com/security/cve/CVE-2024-44308
- https://www.suse.com/security/cve/CVE-2024-44309
- https://www.suse.com/security/cve/CVE-2024-54479
- https://www.suse.com/security/cve/CVE-2024-54502
- https://www.suse.com/security/cve/CVE-2024-54505
- https://www.suse.com/security/cve/CVE-2024-54508
- https://www.suse.com/security/cve/CVE-2024-54534
Affected packages
SUSE:Linux Enterprise Server 12 SP5-LTSS / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.46.5-4.25.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-WebKit2-4_0": "2.46.5-4.25.1",
"typelib-1_0-JavaScriptCore-4_0": "2.46.5-4.25.1",
"libjavascriptcoregtk-4_0-18": "2.46.5-4.25.1",
"webkit2gtk-4_0-injected-bundles": "2.46.5-4.25.1",
"libwebkit2gtk-4_0-37": "2.46.5-4.25.1",
"libwebkit2gtk3-lang": "2.46.5-4.25.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.46.5-4.25.1",
"webkit2gtk3-devel": "2.46.5-4.25.1"
}
]
}
SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.46.5-4.25.1
Ecosystem specific
{
"binaries": [
{
"typelib-1_0-WebKit2-4_0": "2.46.5-4.25.1",
"typelib-1_0-JavaScriptCore-4_0": "2.46.5-4.25.1",
"libjavascriptcoregtk-4_0-18": "2.46.5-4.25.1",
"webkit2gtk-4_0-injected-bundles": "2.46.5-4.25.1",
"libwebkit2gtk-4_0-37": "2.46.5-4.25.1",
"libwebkit2gtk3-lang": "2.46.5-4.25.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.46.5-4.25.1",
"webkit2gtk3-devel": "2.46.5-4.25.1"
}
]
}