Alerts This Week
Warning Icon 1 774
Alerts This Week
Warning Icon 1 774

openSUSE: webkit2gtk3 Important Fixes for 25 Security Issues 2026:0021-1

opensuse
Calendar Grey January 5, 2026
Dist Opensuse Esm H88
An important security update for openSUSE fixes 25 critical issues in webkit2gtk3. Install updates to secure your system.
An update that solves 25 vulnerabilities can now be installed.

Description

This update for webkit2gtk3 fixes the following issues:

Update to version 2.50.4.

Security issues fixed:

* CVE-2025-13502: processing of maliciously crafted payloads by the GLib

remote inspector server may lead to a UIProcess crash due to an out-of-

bounds read and an integer underflow (bsc#1254208).

* CVE-2025-13947: use of the file drag-and-drop mechanism may lead to remote

information disclosure due to a lack of verification of the origins of drag

operations (bsc#1254473).

* CVE-2025-14174: processing maliciously crafted web content may lead to

memory corruption due to improper validation (bsc#1255497).

* CVE-2025-43392: websites may exfiltrate image data cross-origin due to

issues with cache handling (bsc#1254165).

* CVE-2025-43421: processing maliciously crafted web content may lead to an

unexpected process crash due to enabled array allocation sinking

(bsc#1254167).

* CVE-2025-43425: processing maliciously crafted web content may...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory buffer overflow important OpenSUSE webkit2gtk3 remote information disclosure

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* Development Tools Module 15-SP7

zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-21=1

* SUSE Linux Enterprise Server 15 SP6 LTSS

zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-21=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-21=1

* openSUSE Leap 15.6

zypper in -t patch SUSE-2026-21=1 openSUSE-SLE-15.6-2026-21=1

* Basesystem Module 15-SP6

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2026-21=1

* Basesystem Module 15-SP7

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-21=1

* Desktop Applications Module 15-SP6

zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2026-21=1

* Desktop Applications Module 15-SP7

zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-21=1

*...

Read the Full Advisory

Package List

* Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64)

* webkit2gtk4-debugsource-2.50.4-150600.12.54.1

* typelib-1_0-JavaScriptCore-6_0-2.50.4-150600.12.54.1

* typelib-1_0-WebKitWebProcessExtension-6_0-2.50.4-150600.12.54.1

* typelib-1_0-WebKit-6_0-2.50.4-150600.12.54.1

* webkit2gtk4-devel-2.50.4-150600.12.54.1

* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)

* WebKitGTK-4.0-lang-2.50.4-150600.12.54.1

* WebKitGTK-6.0-lang-2.50.4-150600.12.54.1

* WebKitGTK-4.1-lang-2.50.4-150600.12.54.1

* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)

* libwebkit2gtk-4_1-0-debuginfo-2.50.4-150600.12.54.1

* libwebkit2gtk-4_0-37-debuginfo-2.50.4-150600.12.54.1

* libjavascriptcoregtk-4_0-18-debuginfo-2.50.4-150600.12.54.1

* webkit2gtk-4_0-injected-bundles-2.50.4-150600.12.54.1

* webkit2gtk-4_1-injected-bundles-2.50.4-150600.12.54.1

* webkit2gtk3-soup2-debugsource-2.50.4-150600.12.54.1

* libjavascriptcoregtk-4_1-0-2.50.4-150600.12.54.1

* webkit2gtk4-debugsource-2.50.4-150600.12.54.1

*...

Read the Full Advisory

References

* bsc#1254164

* bsc#1254165

* bsc#1254166

* bsc#1254167

* bsc#1254168

* bsc#1254169

* bsc#1254170

* bsc#1254171

* bsc#1254172

* bsc#1254174

* bsc#1254175

* bsc#1254176

* bsc#1254177

* bsc#1254179

* bsc#1254208

* bsc#1254473

* bsc#1254498

* bsc#1254509

* bsc#1255183

* bsc#1255191

* bsc#1255194

* bsc#1255195

* bsc#1255198

* bsc#1255200

* bsc#1255497

## References:

* https://www.suse.com/security/cve/CVE-2023-43000.html

* https://www.suse.com/security/cve/CVE-2025-13502.html

* https://www.suse.com/security/cve/CVE-2025-13947.html

* https://www.suse.com/security/cve/CVE-2025-14174.html

* https://www.suse.com/security/cve/CVE-2025-43392.html

* https://www.suse.com/security/cve/CVE-2025-43419.html

* https://www.suse.com/security/cve/CVE-2025-43421.html

* https://www.suse.com/security/cve/CVE-2025-43425.html

* https://www.suse.com/security/cve/CVE-2025-43427.html

* https://www.suse.com/security/cve/CVE-2025-43429.html

* https://www.suse.com/security/cve/CVE-2025-43430.html

* https://www.suse.com/security/cve/CVE-2025-43431.html

*...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0021-1
Release Date: 2026-01-05T11:16:02Z
Affected Products: * Basesystem Module 15-SP6 * Basesystem Module 15-SP7 * Desktop Applications Module 15-SP6 * Desktop Applications Module 15-SP7 * Development Tools Module 15-SP6 * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7

Topics%20covered

Topics Covered

security advisory buffer overflow important OpenSUSE webkit2gtk3 remote information disclosure

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here