openSUSE: 2025:1033-1 moderate: webkit2gtk3 Advisory Security Update

opensuse
March 26, 2025
This update addresses significant issues in webkit2gtk3 to enhance security and prevent data leaks.
An update that solves three vulnerabilities can now be installed.

Description

This update for webkit2gtk3 fixes the following issues:

* CVE-2024-44192: Fixed unexpected process crash due to processing maliciously crafted web content (bsc#1239863)

* CVE-2024-54467: Fixed cross-origin data exfiltration due to a cookie management issue via a malicious website (bsc#1239864)

Other fixes:

- Update to version 2.48.0
  + Move tiles rendering to worker threads when rendering with the GPU.
  + Fix preserve-3D intersection rendering.
  + Added new function for creating Promise objects to JavaScriptCore GLib API.
  + The MediaRecorder backend gained WebM support (requires at least GStreamer 1.24.9) and audio bitrate configuration support.
  + Fix invalid DPI-aware font size conversion.
  + Bring back support for OpenType-SVG fonts using Skia SVG module.
  + Add metadata (title and creation/modification date) to the PDF document generated for printing.
  + Propagate the font’s computed locale to HarfBuzz.
  + The GPU process build is now enabled for WebGL, but...

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4

    zypper in -t patch SUSE-2025-1033=1

Package List

* openSUSE Leap 15.4 (noarch)
  * WebKitGTK-6.0-lang-2.48.0-150400.4.112.1
  * WebKitGTK-4.0-lang-2.48.0-150400.4.112.1
  * WebKitGTK-4.1-lang-2.48.0-150400.4.112.1

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * typelib-1_0-WebKit2-4_1-2.48.0-150400.4.112.1
  * libjavascriptcoregtk-6_0-1-debuginfo-2.48.0-150400.4.112.1
  * typelib-1_0-WebKit-6_0-2.48.0-150400.4.112.1
  * libjavascriptcoregtk-4_1-0-2.48.0-150400.4.112.1
  * typelib-1_0-JavaScriptCore-6_0-2.48.0-150400.4.112.1
  * libjavascriptcoregtk-4_1-0-debuginfo-2.48.0-150400.4.112.1
  * webkit2gtk4-minibrowser-2.48.0-150400.4.112.1
  * libjavascriptcoregtk-6_0-1-2.48.0-150400.4.112.1
  * webkitgtk-6_0-injected-bundles-debuginfo-2.48.0-150400.4.112.1
  * libwebkit2gtk-4_0-37-debuginfo-2.48.0-150400.4.112.1
  * libjavascriptcoregtk-4_0-18-debuginfo-2.48.0-150400.4.112.1
  * webkit2gtk3-soup2-debugsource-2.48.0-150400.4.112.1
  * webkit2gtk3-soup2-devel-2.48.0-150400.4.112.1
  * typelib-1_0-JavaScriptCore-4_1-2.48.0-150400.4.112.1
  * webkit-jsc-6.0-2.48.0-150400.4.112.1
  *...
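To confirm the patch actually landed, the installed WebKitGTK packages can be compared against the fixed build `2.48.0-150400.4.112.1` from the package list above. The script below is an added example, not part of the SUSE advisory: the function names are hypothetical, the sample inventory is constructed, and `sort -V` is assumed to be a close enough stand-in for rpm's own version comparison for these numeric version-release strings.

```shell
#!/bin/sh
# Added example: list advisory packages still below the fixed build.
FIXED="2.48.0-150400.4.112.1"   # version-release taken from the package list

# Name patterns derived from the package names in this advisory.
is_advisory_pkg() {
  case "$1" in
    WebKitGTK-*|webkit2gtk*|webkitgtk-*|webkit-jsc-*) return 0 ;;
    libwebkit2gtk-*|libjavascriptcoregtk-*) return 0 ;;
    typelib-1_0-WebKit*|typelib-1_0-JavaScriptCore-*) return 0 ;;
    *) return 1 ;;
  esac
}

# True when $1 is strictly older than $2 (sort -V approximates rpm ordering).
ver_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads "NAME VERSION-RELEASE" lines on stdin, prints the unpatched ones.
find_unpatched() {
  while read -r name verrel; do
    [ -n "$name" ] || continue
    is_advisory_pkg "$name" || continue
    if ver_lt "$verrel" "$FIXED"; then
      printf '%s %s\n' "$name" "$verrel"
    fi
  done
}

# Constructed sample inventory (older versions are made up for illustration).
sample_inventory() {
  cat <<'EOF'
libjavascriptcoregtk-4_1-0 2.46.5-150400.4.106.1
libwebkit2gtk-4_0-37 2.48.0-150400.4.112.1
webkit2gtk4-minibrowser 2.44.2-150400.4.91.1
bash 4.4-150400.25.22
EOF
}

# On a real host, feed it the rpm database instead:
#   rpm -qa --queryformat '%{NAME} %{VERSION}-%{RELEASE}\n' | find_unpatched
sample_inventory | find_unpatched
```

Empty output means every matching package is at or above the fixed build; any line printed is a package that still needs the update.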

References

* bsc#1239863

* bsc#1239864

* bsc#1239950

## References:

* https://www.suse.com/security/cve/CVE-2024-44192.html

* https://www.suse.com/security/cve/CVE-2024-54467.html

* https://www.suse.com/security/cve/CVE-2025-24201.html

* https://bugzilla.suse.com/show_bug.cgi?id=1239863

* https://bugzilla.suse.com/show_bug.cgi?id=1239864

* https://bugzilla.suse.com/show_bug.cgi?id=1239950

Announcement ID: SUSE-SU-2025:1033-1
Release Date: 2025-03-26T15:44:39Z
Affected Products: openSUSE Leap 15.4
