Alerts This Week
Warning Icon 1 1,394
Alerts This Week
Warning Icon 1 1,394

SUSE: 2025:0691-1 Important: webkit2gtk3 Command Injection & DoS Severity

suse
Calendar Grey February 24, 2025
Dist Suse Esm H88
SUSE reveals critical security enhancements for webkit2gtk3 tackling several vulnerabilities and bolstering system reliability.
* bsc#1236946 Cross-References: * CVE-2024-27856 * CVE-2024-54543

Summary

## This update for webkit2gtk3 fixes the following issues: Update to version 2.46.6 (bsc#1236946): * CVE-2025-24143: A maliciously crafted webpage may be able to fingerprint the user. * CVE-2025-24150: Copying a URL from Web Inspector may lead to command injection. * CVE-2025-24158: Processing web content may lead to a denial-of-service. * CVE-2025-24162: Processing maliciously crafted web content may lead to an unexpected process crash. Already fixed in previous releases: * CVE-2024-54543: Processing maliciously crafted web content may lead to memory corruption. * CVE-2024-27856: Processing a file may lead to unexpected app termination or arbitrary code execution. * CVE-2024-54658: Processing web content may lead to a denial-of-service. ## Patch Instructions:

References

* bsc#1236946

Cross-

* CVE-2024-27856

* CVE-2024-54543

* CVE-2024-54658

* CVE-2025-24143

* CVE-2025-24150

* CVE-2025-24158

* CVE-2025-24162

CVSS scores:

* CVE-2024-27856 ( SUSE ): 8.5

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2024-27856 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2024-27856 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2024-54543 ( SUSE ): 7.2

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2024-54543 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

* CVE-2024-54543 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2024-54543 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2024-54658 ( SUSE ): 7.1

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:0691-1
Release Date: 2025-02-24T13:12:41Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here