SUSE-SU-2025:01720-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-202501720-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:01720-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:01720-1
- Upstream
- Related
- Published
- 2025-05-27T13:54:56Z
- Modified
- 2026-03-11T07:27:54.221844Z
- Summary
- Security update for webkit2gtk3
- Details
-
This update for webkit2gtk3 fixes the following issues:
Update to version 2.48.2.
Security issues fixed:
- CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website (bsc#1243282).
- CVE-2025-31204: improper memory handling when processing certain web content may lead to memory corruption (bsc#1243286).
- CVE-2025-31206: type confusion issue when processing certain web content may lead to an unexpected crash (bsc#1243288).
- CVE-2025-31215: lack of checks when processing certain web content may lead to an unexpected crash (bsc#1243289).
- CVE-2025-31257: improper memory handling when processing certain web content may lead to an unexpected crash (bsc#1243596).
- CVE-2025-24223: improper memory handling when processing certain web content may lead to memory corruption (bsc#1243424).
Other changes and issues fixed:
- Enable CSS overscroll behavior by default.
- Change threaded rendering implementation to use Skia API instead of WebCore display list that is not thread safe.
- Fix rendering when device scale factor change comes before the web view geometry update.
- Fix network process crash on exit.
- Fix the build with ENABLERESOURCEUSAGE=OFF.
- Fix several crashes and rendering issues.
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-202501720-1/
- https://bugzilla.suse.com/1241158
- https://bugzilla.suse.com/1241160
- https://bugzilla.suse.com/1243282
- https://bugzilla.suse.com/1243286
- https://bugzilla.suse.com/1243288
- https://bugzilla.suse.com/1243289
- https://bugzilla.suse.com/1243424
- https://bugzilla.suse.com/1243596
- https://www.suse.com/security/cve/CVE-2023-42875
- https://www.suse.com/security/cve/CVE-2023-42970
- https://www.suse.com/security/cve/CVE-2025-24223
- https://www.suse.com/security/cve/CVE-2025-31204
- https://www.suse.com/security/cve/CVE-2025-31205
- https://www.suse.com/security/cve/CVE-2025-31206
- https://www.suse.com/security/cve/CVE-2025-31215
- https://www.suse.com/security/cve/CVE-2025-31257
Affected packages
SUSE:Linux Enterprise Server 12 SP5-LTSS / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.48.2-4.38.1
Ecosystem specific
{
"binaries": [
{
"webkit2gtk3-devel": "2.48.2-4.38.1",
"typelib-1_0-JavaScriptCore-4_0": "2.48.2-4.38.1",
"libwebkit2gtk3-lang": "2.48.2-4.38.1",
"typelib-1_0-WebKit2-4_0": "2.48.2-4.38.1",
"webkit2gtk-4_0-injected-bundles": "2.48.2-4.38.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.48.2-4.38.1",
"libwebkit2gtk-4_0-37": "2.48.2-4.38.1",
"libjavascriptcoregtk-4_0-18": "2.48.2-4.38.1"
}
]
}
SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 / webkit2gtk3
Package
- Name
- webkit2gtk3
- Purl
- pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.48.2-4.38.1
Ecosystem specific
{
"binaries": [
{
"webkit2gtk3-devel": "2.48.2-4.38.1",
"typelib-1_0-JavaScriptCore-4_0": "2.48.2-4.38.1",
"libwebkit2gtk3-lang": "2.48.2-4.38.1",
"typelib-1_0-WebKit2-4_0": "2.48.2-4.38.1",
"webkit2gtk-4_0-injected-bundles": "2.48.2-4.38.1",
"typelib-1_0-WebKit2WebExtension-4_0": "2.48.2-4.38.1",
"libwebkit2gtk-4_0-37": "2.48.2-4.38.1",
"libjavascriptcoregtk-4_0-18": "2.48.2-4.38.1"
}
]
}