Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE 15 SP6: 2025:0043-1 important: webkit2gtk3 crashes and memory issues

suse
Calendar Grey January 9, 2025
Dist Suse Esm H88
Patch release for webkit2gtk3 rectifying several severe vulnerabilities while enhancing overall efficiency and robustness.
* bsc#1234851 Cross-References: * CVE-2024-40866 * CVE-2024-44185

Summary

## This update for webkit2gtk3 fixes the following issues: Update to version 2.46.5 (bsc#1234851): Security fixes: * CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash * CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected process crash * CVE-2024-54505: Processing maliciously crafted web content may lead to memory corruption * CVE-2024-54508: Processing maliciously crafted web content may lead to an unexpected process crash * CVE-2024-54534: Processing maliciously crafted web content may lead to memory corruption Other fixes: * Fix the build with GBM and release logs disabled. * Fix several crashes and rendering issues. * Improve memory consumption and performance of Canvas getImageData.

Topics%20covered

Topics Covered

security advisory software update memory corruption important SUSE webkit2gtk3 process crash

References

* bsc#1234851

Cross-

* CVE-2024-40866

* CVE-2024-44185

* CVE-2024-44187

* CVE-2024-44308

* CVE-2024-44309

* CVE-2024-54479

* CVE-2024-54502

* CVE-2024-54505

* CVE-2024-54508

* CVE-2024-54534

CVSS scores:

* CVE-2024-40866 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

* CVE-2024-40866 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

* CVE-2024-44185 ( SUSE ): 5.9

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2024-44185 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2024-44185 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2024-44187 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:0043-1
Release Date: 2025-01-09T15:04:41Z
Rating: important

Topics%20covered

Topics Covered

security advisory software update memory corruption important SUSE webkit2gtk3 process crash

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here