openSUSE: webkit2gtk3 Important Memory Corruption Issues 2026:20065-1
opensuse
January 21, 2026
An update that solves 30 vulnerabilities and has 30 bug fixes can now be installed.
Description
This update for webkit2gtk3 fixes the following issues:
Update to version 2.50.4.
Security issues fixed:
- CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a
UIProcess crash due to an out-of-bounds read and an integer underflow (bsc#1254208).
- CVE-2025-13947: use of the file drag-and-drop mechanism may lead to remote information disclosure due to a lack of
verification of the origins of drag operations (bsc#1254473).
- CVE-2025-14174: processing maliciously crafted web content may lead to memory corruption due to improper validation
(bsc#1255497).
- CVE-2025-43272: processing maliciously crafted web content may lead to an unexpected process crash due to improper
memory handling (bsc#1250439).
- CVE-2025-43342: processing maliciously crafted web content may lead to an unexpected process crash due to a
correctness issue and missing checks (bsc#1250440).
- CVE-2025-43343: processing maliciously crafted web content...
Read the Full Advisory
Topics Covered
Patch
Package List
- openSUSE Leap 16.0:
WebKitGTK-4.0-lang-2.50.4-160000.1.1
WebKitGTK-4.1-lang-2.50.4-160000.1.1
WebKitGTK-6.0-lang-2.50.4-160000.1.1
libjavascriptcoregtk-4_0-18-2.50.4-160000.1.1
libjavascriptcoregtk-4_1-0-2.50.4-160000.1.1
libjavascriptcoregtk-6_0-1-2.50.4-160000.1.1
libwebkit2gtk-4_0-37-2.50.4-160000.1.1
libwebkit2gtk-4_1-0-2.50.4-160000.1.1
libwebkitgtk-6_0-4-2.50.4-160000.1.1
typelib-1_0-JavaScriptCore-4_0-2.50.4-160000.1.1
typelib-1_0-JavaScriptCore-4_1-2.50.4-160000.1.1
typelib-1_0-JavaScriptCore-6_0-2.50.4-160000.1.1
typelib-1_0-WebKit-6_0-2.50.4-160000.1.1
typelib-1_0-WebKit2-4_0-2.50.4-160000.1.1
typelib-1_0-WebKit2-4_1-2.50.4-160000.1.1
typelib-1_0-WebKit2WebExtension-4_0-2.50.4-160000.1.1
typelib-1_0-WebKit2WebExtension-4_1-2.50.4-160000.1.1
typelib-1_0-WebKitWebProcessExtension-6_0-2.50.4-160000.1.1
webkit-jsc-4-2.50.4-160000.1.1
webkit-jsc-4.1-2.50.4-160000.1.1
webkit-jsc-6.0-2.50.4-160000.1.1
webkit2gtk-4_0-injected-bundles-2.50.4-160000.1.1
webkit2gtk-4_1-injected-bundles-2.50.4-160000.1.1
webk...
Read the Full AdvisoryReferences
* bsc#1250439
* bsc#1250440
* bsc#1250441
* bsc#1250442
* bsc#1251975
* bsc#1254164
* bsc#1254165
* bsc#1254166
* bsc#1254167
* bsc#1254168
* bsc#1254169
* bsc#1254170
* bsc#1254171
* bsc#1254172
* bsc#1254174
* bsc#1254175
* bsc#1254176
* bsc#1254177
* bsc#1254179
* bsc#1254208
* bsc#1254473
* bsc#1254498
* bsc#1254509
* bsc#1255183
* bsc#1255191
* bsc#1255194
* bsc#1255195
* bsc#1255198
* bsc#1255200
* bsc#1255497
References:
* https://www.suse.com/security/cve/CVE-2023-43000.html
* https://www.suse.com/security/cve/CVE-2025-13502.html
* https://www.suse.com/security/cve/CVE-2025-13947.html
* https://www.suse.com/security/cve/CVE-2025-14174.html
* https://www.suse.com/security/cve/CVE-2025-43272.html
* https://www.suse.com/security/cve/CVE-2025-43342.html
* https://www.suse.com/security/cve/CVE-2025-43343.html
* https://www.suse.com/security/cve/CVE-2025-43356.html
* https://www.suse.com/security/cve/CVE-2025-43368.html
* https://www.suse.com/security/cve/CVE-2025-43392.html
*...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2026:20065-1
Rating: important
Affected Products:
openSUSE Leap 16.0
-------------------------------------------------------------
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!