Alerts This Week
Warning Icon 1 659
Alerts This Week
Warning Icon 1 659

openSUSE 15.6: 2025:01746-1 important: webkit2gtk3 security risks

opensuse
Calendar Grey May 29, 2025
Dist Opensuse Esm H88
Important security patch released for Fedora remedying webkitgtk3 concerns with 8 vulnerabilities including unauthorized data access.
An update that solves nine vulnerabilities can now be installed.

Description

This update for webkit2gtk3 fixes the following issues:

Update to version 2.48.2.

Security issues fixed:

* CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration

through a malicious website (bsc#1243282).

* CVE-2025-31204: improper memory handling when processing certain web content

may lead to memory corruption (bsc#1243286).

* CVE-2025-31206: type confusion issue when processing certain web content may

lead to an unexpected crash (bsc#1243288).

* CVE-2025-31215: lack of checks when processing certain web content may lead

to an unexpected crash (bsc#1243289).

* CVE-2025-31257: improper memory handling when processing certain web content

may lead to an unexpected crash (bsc#1243596).

* CVE-2025-24223: improper memory handling when processing certain web content

may lead to memory corruption (bsc#1243424).

Other changes and issues fixed:

* Enable CSS overscroll behavior by default.

* Change threaded rendering...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory memory corruption openSUSE important security issue webkit2gtk3 cross-origin data loss

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6

zypper in -t patch SUSE-2025-1746=1 openSUSE-SLE-15.6-2025-1746=1

* Basesystem Module 15-SP6

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1746=1

* Basesystem Module 15-SP7

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-1746=1

* Desktop Applications Module 15-SP6

zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-1746=1

* Desktop Applications Module 15-SP7

zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-1746=1

* Development Tools Module 15-SP6

zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-1746=1

* Development Tools Module 15-SP7

zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2025-1746=1

Package List

* openSUSE Leap 15.6 (noarch)

* WebKitGTK-4.1-lang-2.48.2-150600.12.40.2

* WebKitGTK-4.0-lang-2.48.2-150600.12.40.2

* WebKitGTK-6.0-lang-2.48.2-150600.12.40.2

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)

* webkit2gtk-4_1-injected-bundles-2.48.2-150600.12.40.2

* libwebkitgtk-6_0-4-debuginfo-2.48.2-150600.12.40.2

* webkit2gtk3-minibrowser-debuginfo-2.48.2-150600.12.40.2

* libjavascriptcoregtk-4_1-0-2.48.2-150600.12.40.2

* typelib-1_0-JavaScriptCore-4_1-2.48.2-150600.12.40.2

* typelib-1_0-JavaScriptCore-4_0-2.48.2-150600.12.40.2

* typelib-1_0-WebKit2-4_0-2.48.2-150600.12.40.2

* libwebkit2gtk-4_0-37-debuginfo-2.48.2-150600.12.40.2

* libjavascriptcoregtk-6_0-1-2.48.2-150600.12.40.2

* webkit-jsc-6.0-2.48.2-150600.12.40.2

* webkit2gtk3-devel-2.48.2-150600.12.40.2

* libjavascriptcoregtk-6_0-1-debuginfo-2.48.2-150600.12.40.2

* typelib-1_0-WebKit-6_0-2.48.2-150600.12.40.2

* webkit2gtk4-minibrowser-debuginfo-2.48.2-150600.12.40.2

* webkit-jsc-4-2.48.2-150600.12.40.2

*...

Read the Full Advisory

References

* bsc#1222905

* bsc#1241158

* bsc#1241160

* bsc#1243282

* bsc#1243286

* bsc#1243288

* bsc#1243289

* bsc#1243424

* bsc#1243596

## References:

* https://www.suse.com/security/cve/CVE-2023-42875.html

* https://www.suse.com/security/cve/CVE-2023-42970.html

* https://www.suse.com/security/cve/CVE-2024-23226.html

* https://www.suse.com/security/cve/CVE-2025-24223.html

* https://www.suse.com/security/cve/CVE-2025-31204.html

* https://www.suse.com/security/cve/CVE-2025-31205.html

* https://www.suse.com/security/cve/CVE-2025-31206.html

* https://www.suse.com/security/cve/CVE-2025-31215.html

* https://www.suse.com/security/cve/CVE-2025-31257.html

* https://bugzilla.suse.com/show_bug.cgi?id=1222905

* https://bugzilla.suse.com/show_bug.cgi?id=1241158

* https://bugzilla.suse.com/show_bug.cgi?id=1241160

* https://bugzilla.suse.com/show_bug.cgi?id=1243282

* https://bugzilla.suse.com/show_bug.cgi?id=1243286

* https://bugzilla.suse.com/show_bug.cgi?id=1243288

* https://bugzilla.suse.com/show_bug.cgi?id=1243289

*...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:01746-1
Release Date: 2025-05-29T12:38:02Z
Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * Desktop Applications Module 15-SP6 * Desktop Applications Module 15-SP7 * Development Tools Module 15-SP6 * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7

Topics%20covered

Topics Covered

security advisory memory corruption openSUSE important security issue webkit2gtk3 cross-origin data loss

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here