Security: Multiple issues in webkit2gtk3
| Name: | Multiple issues in webkit2gtk3 |
| ID: | SUSE-SU-2025:0735-1 |
| Distribution: | SUSE |
| Platforms: | SUSE Enterprise Storage 7.1, SUSE Linux Enterprise High Performance Computing 15 SP3, SUSE Linux Enterprise Server 15 SP3, SUSE Linux Enterprise Server for SAP Applications 15 SP3, SUSE Linux Enterprise High Performance Computing LTSS 15 SP3, SUSE Linux Enterprise Server 15 SP3 LTSS |
| Date: | Thu, 27 February 2025, 23:10 |
| References: | https://www.cve.org/CVERecord?id=CVE-2024-54505 https://www.cve.org/CVERecord?id=CVE-2024-54543 https://www.cve.org/CVERecord?id=CVE-2025-24150 https://www.cve.org/CVERecord?id=CVE-2025-24158 https://www.cve.org/CVERecord?id=CVE-2024-54479 https://www.cve.org/CVERecord?id=CVE-2024-54658 https://www.cve.org/CVERecord?id=CVE-2024-54534 https://www.cve.org/CVERecord?id=CVE-2024-27856 https://www.cve.org/CVERecord?id=CVE-2025-24143 https://www.cve.org/CVERecord?id=CVE-2024-54502 https://www.cve.org/CVERecord?id=CVE-2024-54508 https://www.cve.org/CVERecord?id=CVE-2025-24162 |
| Applications: | WebKitGTK |
Original message
# Security update for webkit2gtk3
Announcement ID: SUSE-SU-2025:0735-1
Release Date: 2025-02-26T18:35:02Z
Rating: important
References:
* bsc#1234851
* bsc#1236946
Cross-References:
* CVE-2024-27856
* CVE-2024-54479
* CVE-2024-54502
* CVE-2024-54505
* CVE-2024-54508
* CVE-2024-54534
* CVE-2024-54543
* CVE-2024-54658
* CVE-2025-24143
* CVE-2025-24150
* CVE-2025-24158
* CVE-2025-24162
CVSS scores:
* CVE-2024-27856 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-27856 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-27856 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-54479 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-54479 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-54479 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-54479 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-54502 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-54502 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-54502 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-54502 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-54505 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2024-54505 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2024-54505 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-54505 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-54508 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-54508 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-54508 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-54508 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-54534 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-54534 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-54534 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-54534 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-54543 ( SUSE ): 7.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-54543 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
* CVE-2024-54543 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-54543 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-54658 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-54658 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-54658 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-24143 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2025-24143 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-24143 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-24143 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2025-24150 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-24150 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-24150 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-24150 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-24158 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-24158 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-24158 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-24162 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-24162 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-24162 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
An update that solves 12 vulnerabilities can now be installed.
## Description:
This update for webkit2gtk3 fixes the following issues:
Update to version 2.46.6 (bsc#1236946, bsc#1234851):
* CVE-2025-24143: A maliciously crafted webpage may be able to fingerprint the user.
* CVE-2025-24150: Copying a URL from Web Inspector may lead to command injection.
* CVE-2025-24158: Processing web content may lead to a denial-of-service.
* CVE-2025-24162: Processing maliciously crafted web content may lead to an unexpected process crash.
* CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash.
* CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected process crash.
* CVE-2024-54505: Processing maliciously crafted web content may lead to memory corruption.
* CVE-2024-54508: Processing maliciously crafted web content may lead to an unexpected process crash.
* CVE-2024-54543: Processing maliciously crafted web content may lead to memory corruption.
Already fixed in previous releases:
* CVE-2024-27856: Processing a file may lead to unexpected app termination or arbitrary code execution.
* CVE-2024-54534: Processing maliciously crafted web content may lead to memory corruption.
* CVE-2024-54658: Processing web content may lead to a denial-of-service.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-735=1`
* SUSE Linux Enterprise Server 15 SP3 LTSS
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-735=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-735=1`
* SUSE Enterprise Storage 7.1
  `zypper in -t patch SUSE-Storage-7.1-2025-735=1`
## Package List:
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * libwebkit2gtk-4_0-37-2.46.6-150200.133.1
  * libwebkit2gtk-4_0-37-debuginfo-2.46.6-150200.133.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.46.6-150200.133.1
  * webkit2gtk3-debugsource-2.46.6-150200.133.1
  * webkit2gtk-4_0-injected-bundles-2.46.6-150200.133.1
  * typelib-1_0-JavaScriptCore-4_0-2.46.6-150200.133.1
  * typelib-1_0-WebKit2-4_0-2.46.6-150200.133.1
  * libjavascriptcoregtk-4_0-18-2.46.6-150200.133.1
  * webkit2gtk3-devel-2.46.6-150200.133.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.46.6-150200.133.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150200.133.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * libwebkit2gtk3-lang-2.46.6-150200.133.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
  * libwebkit2gtk-4_0-37-2.46.6-150200.133.1
  * libwebkit2gtk-4_0-37-debuginfo-2.46.6-150200.133.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.46.6-150200.133.1
  * webkit2gtk3-debugsource-2.46.6-150200.133.1
  * webkit2gtk-4_0-injected-bundles-2.46.6-150200.133.1
  * typelib-1_0-JavaScriptCore-4_0-2.46.6-150200.133.1
  * typelib-1_0-WebKit2-4_0-2.46.6-150200.133.1
  * libjavascriptcoregtk-4_0-18-2.46.6-150200.133.1
  * webkit2gtk3-devel-2.46.6-150200.133.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.46.6-150200.133.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150200.133.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
  * libwebkit2gtk3-lang-2.46.6-150200.133.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * libwebkit2gtk-4_0-37-2.46.6-150200.133.1
  * libwebkit2gtk-4_0-37-debuginfo-2.46.6-150200.133.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.46.6-150200.133.1
  * webkit2gtk3-debugsource-2.46.6-150200.133.1
  * webkit2gtk-4_0-injected-bundles-2.46.6-150200.133.1
  * typelib-1_0-JavaScriptCore-4_0-2.46.6-150200.133.1
  * typelib-1_0-WebKit2-4_0-2.46.6-150200.133.1
  * libjavascriptcoregtk-4_0-18-2.46.6-150200.133.1
  * webkit2gtk3-devel-2.46.6-150200.133.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.46.6-150200.133.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150200.133.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * libwebkit2gtk3-lang-2.46.6-150200.133.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * libwebkit2gtk-4_0-37-2.46.6-150200.133.1
  * libwebkit2gtk-4_0-37-debuginfo-2.46.6-150200.133.1
  * webkit2gtk-4_0-injected-bundles-debuginfo-2.46.6-150200.133.1
  * webkit2gtk3-debugsource-2.46.6-150200.133.1
  * webkit2gtk-4_0-injected-bundles-2.46.6-150200.133.1
  * typelib-1_0-JavaScriptCore-4_0-2.46.6-150200.133.1
  * typelib-1_0-WebKit2-4_0-2.46.6-150200.133.1
  * libjavascriptcoregtk-4_0-18-2.46.6-150200.133.1
  * webkit2gtk3-devel-2.46.6-150200.133.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.46.6-150200.133.1
  * typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150200.133.1
* SUSE Enterprise Storage 7.1 (noarch)
  * libwebkit2gtk3-lang-2.46.6-150200.133.1
## References:
* https://www.suse.com/security/cve/CVE-2024-27856.html
* https://www.suse.com/security/cve/CVE-2024-54479.html
* https://www.suse.com/security/cve/CVE-2024-54502.html
* https://www.suse.com/security/cve/CVE-2024-54505.html
* https://www.suse.com/security/cve/CVE-2024-54508.html
* https://www.suse.com/security/cve/CVE-2024-54534.html
* https://www.suse.com/security/cve/CVE-2024-54543.html
* https://www.suse.com/security/cve/CVE-2024-54658.html
* https://www.suse.com/security/cve/CVE-2025-24143.html
* https://www.suse.com/security/cve/CVE-2025-24150.html
* https://www.suse.com/security/cve/CVE-2025-24158.html
* https://www.suse.com/security/cve/CVE-2025-24162.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234851
* https://bugzilla.suse.com/show_bug.cgi?id=1236946